David Spark here reporting for Tripwire at the 2010 RSA Conference in San Francisco.
In this video are Tim Zonca (@timzonca), Product Marketing Manager of Tripwire and Dwayne Melancon (@ThatDwayne), Tripwire’s VP of Log Management. Melancon offered a great explanation of the value of change information synced with log events. He compared it to a traditional security system which only behaves like a traditional logging product. It can tell you that somebody opened the door, or broke a window. What it won’t tell you is what that thief did once he made it into your house.
Wouldn’t it be great if your security system could tell you that? It could tell you every step the thief took. Every item he touched, and if he actually removed something from your house. Or maybe he placed something in it so he could come back later. That’s exactly what a change log synced with an event log can tell you. It can give you greater insight into behavior on your network, connected with an actual event.
Check out more of Tripwire’s coverage from the 2010 RSA Conference in San Francisco.