Security device logs provide an ongoing record of network threats and are an essential resource for developing a risk management program. Government and commercial regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley (SOX) increasingly require organizations to collect device logs and provide an audit trail for all systems and applications impacted by these regulations, to monitor and report on suspicious users and activity, and to securely archive this data in a tamper-proof format.
Developing a Log Management Process
Implementing a logging system is often just the first step, and most organizations have neither a process in place nor the staff resources to handle ongoing log management. Compiling and analyzing log data from multiple applications is tedious and time-consuming. Many organizations faced with limited resources choose to let these logging devices run, and monitoring or auditing the logs does not become a priority until there is an issue.
Log Management Through Security-as-a-Service
Vigilar’s ATLAS Log Management module, part of the ATLAS Security-as-a-Service platform, provides organizations with a secure, tamper-proof, automated audit trail for system and application components. This enables the reconstruction of user activity and events, in accordance with PCI and Sarbanes-Oxley requirements.
To further support compliance, the Log Management service module provides off-premises retention of log data for a minimum of one year, with three months of online availability, easing the archiving burden. In addition, Vigilar’s team of security experts can conduct daily log reviews for event discovery and notification, if required.