DeckerWright Corporation provides consulting services to assist clients with responding to and meeting enterprise-level security requirements. These requirements are derived from HIPAA, ISO and PCI security requirements and are written into agreements many companies must agree to in order to transact business. One of the emerging trends is for companies to maintain log files for up to a year so that, in the event of a security breach, the log files may be reviewed for clues on what happened and what may have been compromised. An additional requirement is for the log files to be reviewed for potentially malicious activity. A day’s worth of firewall logs could easily exceed 100,000 entries.
The industry response to these needs has been the development of SIEM systems. SIEM systems allow for the protected offsite storage of device (e.g., firewall and server) log files for specific periods of time. The SIEM tools also review the log files looking for potential bad behavior and can provide alerts for further investigation, or action to resolve problems. The latest generation of SIEM tools can “connect the dots” by linking behavior in one device to behavior in other devices to identify a malicious pattern of activity. We have begun to deploy SIEM systems for our clients that must meet these security requirements.