In the security world, there are a LOT of things to keep track of on a daily basis. There is no shortage of legitimate security threats, not to mention all the mundane operational activities that need to be managed: OS/app patches, rogue access points, physical security, post-it notes with passwords (yes, I’m guilty here too)… the list really is endless.
In an environment like this, it’s impractical to proactively check every single system and make sure there’s nothing wrong. Instead we fall back to an approach where we rely on the system to tell us what’s happening, and we look for anomalies – basically, log monitoring. However, with so much going on, it’s sometimes really tough to know when something stops logging… much less be in a position to respond to it in a timely fashion.
Today we’re releasing a new solution called HyperLogging (6/22/2011 Press Release) and I had the opportunity to interview Tripwire’s professional services engineers who developed this solution. Here are the responses from Jason Iler and Cory Plummer.
What problems does HyperLogging solve and for whom?
HyperLogging is a logging assurance solution that monitors your environment and looks for any indication that logging has been disabled (or even ‘dialed down’) – and it automatically reenables it to ensure continuous logging integrity. Organizations concerned with security will benefit from continuous logging as it “removes the blindspot” and provides continuous visibility into the activities that are happening in their environment. Obviously this has significant benefits in terms of regulatory compliance as well.
Why did you develop the solution?
We talk to a lot of security and compliance people who use products in very targeted ways. So we developed the solution as a way to give them an integrated solution to fill this void in security and compliance. Without continuous and complete logging, organizations are at risk of missing critical events in their environment. In today’s security and compliance landscape, such risk cannot be tolerated.
What would life without HyperLogging look like?
Imagine a presidential event with a large contingent of secret service agents all capturing and relaying information to one another through a central command post. Now imagine that one of the agents observes a significant threat to the president and attempts to relay the information to their team via an earpiece that is not functioning. It is easy to see that lack of continuous communication from all data sources can have disastrous consequences in any type of security situation.
How can organizations benefit from it?
Virtually any organization could gain significant benefit from this approach. This is a very flexible solution – it works on any platform covered by Tripwire Enterprise (file systems, databases, network devices, virtual servers, and so on), that is capable of generating log events. If it can send logs and we can monitor the integrity of the device, we can set up HyperLogging.
Also, this specific solution – logging enablement – is just scratching the surface of what can be done with this approach. Having a trusted agent on the box is a very powerful thing, particularly when coupled with very capable logging and exceptional configuration management functionality. We’re just beginning to explore what can be done with this technology, and we have a lot of other great ideas in the works.
Thank you Cory and Jason for the insights on this solution! Check out how HyperLogging can help you prevent the blind spots that lead to data breaches.
6/22/2011 Press Release: Tripwire Unveils Controls-Based Data Protection Strategy
Tripwire VIA HyperLogging Datasheet