Sensage Blogs

Archive for September, 2010

The Ultimate Compensating Control

Posted: September 23, 2010 at 2:27 pm | by Joe Gottlieb

Various compliance regulations - such as PCI DSS, SarBox and HIPAA - have driven organizations to implement log management to track access to cardholder data, financial information, patient data and the like. In all cases, collecting, retrieving and auditing logs related to these data access events serve as a compensating control for the direct controls governing the data access itself, such as role-based access privileges enforced by identity and access control mechanisms. While direct controls are preferred over compensating controls, the latter are a necessity because budget and staffing levels are finite.

Thus security and compliance operations represent an imperfect and finite effort that must constantly cope with a protection gap. The trick is to minimize the risks incurred by this gap. When organizations “zoom out” from their targeted compliance efforts, they realize that gaps exist everywhere, not just on their PCI servers. It is at this point that proactive organizations see the value of collecting a comprehensive view of their IT security landscape. But when they turn to their SIEM and/or log management vendor to help them pursue this vision, they invariably run into obstacles that prevent progress:

  • Not all of their event data sources are supported
  • Daily data load rates are too high for the system to keep up
  • Total data under management is too high for the system to manage and prohibitively expensive to store
  • Data dashboarding, reporting and querying limitations minimize the value of collecting the data

Because SenSage customers don’t encounter these obstacles, I have been a bit blind to the general industry struggle on this point. Our customers are pursuing the vision of Security Intelligence as the ultimate compensating control for IT security operations because they can. And it doesn’t stop with basic log management and retrieval - it includes real-time monitoring, compliance reporting, ad-hoc investigation and flexible drill-down from any of these use cases. By maintaining their favorite drill-downs in their portfolio of reports, security analysts get to delegate the data crunching to SenSage while they elevate their understanding of and responsiveness to the threats facing their organization.

There are few panaceas to be found in life. But the more I read about security industry challenges, the more I appreciate the fact that SenSage customers enjoy a powerful compensating control for their imperfect, finite and always changing security, risk management and compliance operations.
