They say people move away from pain and toward pleasure. The problem is, sometimes people don’t realize they’re in pain, so they stay right where they are.
Luckily, new data from IDG Research Services shows that, when it comes to log management, many Chief Security Officers (CSOs) and their equivalents are realizing that their old-school log management solutions are causing them pain. I liken it to the move from rotary dial phones to digital, and the move from land lines to cell phones. It took a while for people to realize the advantages of moving to a next-generation phone, but once they got a taste of the new stuff, there was no going back.
The top 3 trends identified by the study are:
- CSOs want a simpler, more effective way to deal with security and compliance requirements.
- CSOs realize they need to be able to do more with their log management solutions to address today’s security threats.
- CSOs are paying a premium for log management solutions and not realizing the full value.
It seems there’s been a wake-up call, and it’s time for next-generation log management.
The problem is that old-school approaches to log management are very brute force. As Paul VanAmerongen of Multicare says in a recent CSO Magazine Market Pulse piece,
“Log management tries to log everything without evaluating the actual value.”
I affectionately refer to the piles of data gathered by old-school log management approaches as “the landfill of log data” – in other words, there might be some value in there somewhere but it’s not pleasant to go digging around in the pile.
The side effect of “the landfill effect” is clear in the IDG study: 69% of enterprises surveyed are willing – if not already planning – to pull the plug on their legacy log management solutions.
Wow, that’s a lot of pain to move away from.
What is “next-gen” then?
In this context, “next-gen” means taking an intelligent approach, with a solution that combines log management with other capabilities to automatically pull the events and incidents of value (aka “events of interest”) out of the landfill and escalate them with full context, so your staff can actually manage through security events, not just get blindsided by them. The magic trinity of capabilities for a next-gen solution is:
- Log management to capture all events;
- Security information & event management (SIEM) to identify and elevate events of interest;
- The ability to detect changes to your IT assets and identify “changes of interest” based on your policies and standards, and capture these “changes of interest” including who made the changes, and the exact contents of what they changed – and do that across the enterprise.
Next-gen solutions can do all of this in real time, and integrate all of these functions together in a single pane of glass.
What about you – are you happy with your existing log management solution?