tacLOGHost

Log data management is a must-have

If you elect to use active log data management, you face an increasing number of regulatory requirements (compliance). Guidelines from legislators and auditors demand that companies protect IT systems against misuse through the seamless preservation of evidence and strong control mechanisms. The focus is on core functions, such as archiving large volumes of log data in its original format and protecting it against being modified. However, it is also vital to be able to rapidly analyse large volumes of data to identify security incidents or operating problems.

All of these requirements are covered by our integrated, compact, low-cost appliance and are available in tacLOGHost, which can also be of use to small IT infrastructures.

Customer benefits

• Save money: licences are granted per appliance with an unlimited number of log clients
• Normalisation: central storage of various log clients
• “Google your logs”: log data analysis has never been so fast
• Preservation of evidence: by archiving and protecting original log data
• High performance: receive more than 15,000 log messages per second
• Sustainable: easy to expand and create a comprehensive SEM solution

Function overview

Normalisation

• Broad-based support for log clients by various OEMs

Archiving

• For the preservation of evidence, integrity protection and traceability

We are happy to help you scale and produce a concept of this type. Our many years of experience in log management can guide you on the path to success.

Content

Recording and analysing requirements for central log management:

• Log clients, log servers and data sources (adaptors, interfaces)
• Data management (data provision, archiving)
• Users (data protection, access privileges)
• Reporting requirements (real time, prints, PDF)
• Alert requirements (event generation, monitoring integration)
• Availability, service contract
• Visualisation of reports and analyses for a central service overview

We can adapt the focus areas to your needs and requests.

Examples:

• Enterprise security
• Compliance
• IT operations and change management
• Business intelligence
• Server virtualisation

Results

Findings and analyses from the workshop will be incorporated into a document covering:

• Recommendations for scaling the data volume
• Central log management architecture and topology
• Data availability and failsafe protection
• Data routing and archiving
• Access concept, users and roles
• Suggestions for producing analyses, reports and dashboards

Expand to create a comprehensive SEM/monitoring solution

tacLOGHost is easy to expand to create a company-wide security event management (SEM) solution. You can do this by distributing software modules to individual appliances. Not only does this boost performance, it allows you to compile and centrally analyse log data across several security zones or locations.Additionally, you can use terreActive’s monitoring solution, tacMON, to build a combined monitoring/SEM solution.

Analysis and reporting

• Via a user-friendly Web interface
• Easy, fast graphical representation of large volumes of log data
• Event generation
• Alerts for pre-defined events

Scenarios for using tacLOGHost

tacLOGHost is designed to be used in a selected security zone (DMZ etc.) to systematically monitor key applications (e-business, ERP, etc.) and is aimed at medium-sized IT infrastructures. tacLOGHost is indispensable anywhere you generate, correlate and analyse large volumes of log data. tacLOGHost was developed for the following scenarios and is constantly being optimised.

Archiving and separation of powers

Fast, low-cost archiving of large volumes of data demands the appropriate architecture. Special RIT technology makes tacLOGHost perform especially well. Its inbuilt protection to prevent original log data being modified enables preservation of evidence and simultaneously guarantees separation of powers. Log data on tacLOGHost can no longer be manipulated by the log client system owner, and can be monitored by an independent internal or external party.

Audit trail

The main goals here are traceability and preservation of evidence. Many companies are carrying out far more audits than ever before. Audits require significant effort and consume a growing number of resources. As a result, tacLOGHost supports this activity through a range of different functions. Access to log data can be precisely specified using roles and groups, allowing authorised persons to review information without having access rights to log clients. Reports are predefined, and you can use the Web interface to define as many analyses (views) and filters as you need to access the information you want - fast.

IT security monitoring

Real-time scanning of all inbound log data means the system can identify known events immediately and send out the relevant alerts. The tools here allow you to set a baseline, outlining the typical behaviour for your own IT infrastructure and giving you a better idea of how it works and how to monitor it. These tools also alert you quickly and safely to any deviations from this normal behaviour so that you can investigate them in-depth. You can progressively enhance the system by adding event and alert recognition, which also increases IT security.

Operation monitoring

If it’s true for IT security, then it’s true for IT operations. You can use this same approach (“baselining”) to record and visualise the operating behaviour of your IT infrastructure. Configuration errors are easy to identify, all kinds of error messages are highlighted and you can use these for proactive monitoring. This improves transparency and boosts operating quality.

• High-performance correlation functions – for high alert quality across all integrated objects
• Predefined templates – for fast, successful SEM implementation

Aggregated information – for example, 10 million log entries compressed into just 20 alerts

• Event interfaces – for easy integration with helpdesk tools and ticketing systems