{"id":975,"date":"2010-01-16T10:42:57","date_gmt":"2010-01-16T05:12:57","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=975"},"modified":"2010-02-01T11:23:33","modified_gmt":"2010-02-01T05:53:33","slug":"log-management-and-intelligence-lmi","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/log-management-and-intelligence-lmi\/","title":{"rendered":"Log Management and Intelligence-LMI"},"content":{"rendered":"<p><strong>Introduction<\/strong><\/p>\n<p>LMI is a governance enabler. Log data is no longer just the domain of technical personnel (traditionally used for troubleshooting). Log data is no longer just an IT asset; it is a corporate and business asset. It is used extensively by both management and external parties (auditors, forensic investigators) and hence has gained executive-level visibility. In this post we look at the new approach to log management.<\/p>\n<p><!--more--><\/p>\n<p><strong>Sources of Log Data<\/strong><\/p>\n<p>IT infrastructure in an organisation would generally comprise the following:<\/p>\n<ol>\n<li>Security solutions such as firewalls and antivirus<\/li>\n<li>OS platforms<\/li>\n<li>Clients and servers<\/li>\n<li>Applications<\/li>\n<li>Users<\/li>\n<\/ol>\n<p>It is therefore inevitable that the number of event logs generated by these components would run to millions of lines of data. All this leads to an information overload of diverse logs: too much information.<\/p>\n<p><strong>What is a Log?<\/strong><\/p>\n<p>Log data has been estimated to account for about 20%-30% of enterprise data. So what is a log? It is a detailed description of user and system activity comprising events such as logon attempts, security breaches, credit card data access, user privilege changes, etc. 
It is a record of all events occurring in the enterprise.<\/p>\n<p><strong>Approaches to Log Management<\/strong><\/p>\n<p>Traditional approaches to log management result in information overload, as data was kept in silos and there was no clear ownership of log data. Analysis was mostly manual because the data was not in a consistent format; it was therefore time consuming and delayed any risk mitigation process.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-997\" src=\"https:\/\/www.qadit.com\/blog\/wp-content\/LMI1.JPG\" alt=\"Traditional Approach\" width=\"640\" height=\"413\" srcset=\"https:\/\/qadit.com\/blog\/wp-content\/uploads\/LMI1.JPG 640w, https:\/\/qadit.com\/blog\/wp-content\/uploads\/LMI1-300x193.jpg 300w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/p>\n<p><strong>The LMI approach consists of the following steps<\/strong>:<\/p>\n<ol>\n<li>Collect and index: 100% of logs from any source, at any time<\/li>\n<li>Alert: alerts based on real-time data, allowing quick risk mitigation<\/li>\n<li>Store: log data should be encrypted and stored<\/li>\n<li>Report: relevant information in the right hands, through dashboards, to meet the relevant legislative requirements<\/li>\n<\/ol>\n<p>The new approach of LMI is based on a fully integrated log data warehouse: a single instance of logs that makes it easier to ensure that all data is stored and encrypted. 
This approach ensures that LMI is a platform for enterprise-wide compliance.<\/p>\n<figure id=\"attachment_998\" aria-describedby=\"caption-attachment-998\" style=\"width: 640px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-998\" src=\"https:\/\/www.qadit.com\/blog\/wp-content\/LMI2.JPG\" alt=\"LMI-New Approach\" width=\"640\" height=\"417\" srcset=\"https:\/\/qadit.com\/blog\/wp-content\/uploads\/LMI2.JPG 640w, https:\/\/qadit.com\/blog\/wp-content\/uploads\/LMI2-300x195.jpg 300w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><figcaption id=\"caption-attachment-998\" class=\"wp-caption-text\">LMI-New Approach<\/figcaption><\/figure>\n<p>Log Management and Intelligence solutions also provide you with the ability to build custom searches on log data, build a policy library that is mapped to regulatory frameworks, and create dashboards and reports.<\/p>\n<p><strong>LMI is not just a log management approach; it is mandatory<\/strong><\/p>\n<p>LMI is not just a new approach to log management; it has also been made mandatory by SOX, ISO27000 and PCI, to name a few. For instance, Requirement 10 of PCI states that organisations must:<\/p>\n<ol>\n<li>Automate and secure audit trails for event reconstruction<\/li>\n<li>Review logs daily<\/li>\n<li>Retain audit trail history<\/li>\n<\/ol>\n<p>Other regulations also require log monitoring activities and that the organisation take steps to ensure the accuracy of its logs.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction LMI is a governance enabler. Log data is no longer just the domain of technical personnel (traditionally used for trouble shooting). Log data is no longer just an IT asset and it is a corporate and business asset. 
It is used extensively by both management and external parties (auditor, forensic investigators) and hence has &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/log-management-and-intelligence-lmi\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Log Management and Intelligence-LMI&#8221;<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[24,78,12],"tags":[],"class_list":["post-975","post","type-post","status-publish","format-standard","hentry","category-grc","category-information-technology","category-itsec"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-fJ","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=975"}],"version-history":[{"count":0,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/975\/revisions"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?pa
rent=975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}