Symantec Unveils Log Management Services

"All organizations have risk that they need to manage with respect to IT," said Grant Geyer, vice president of Symantec Managed Security Services. "Risk management isn't trying to solve everything. It's trying to determine which risks you're going to accept and which risks you're going to regulate or mitigate."

Above all, Symantec's new service provides a new approach to security monitoring by targeting specific challenges associated with compliance requirements and risk management, execs said. Specifically geared for enterprises, the new offering provides an integrated solution that incorporates a subscription-based service coupled with the Symantec Security Information Manager appliance, which serves as a log management system for security monitoring, compliance reporting and log archiving requirements.

The multilayered service is intended to help businesses stay in compliance with regulatory and industry requirements, such as the Payment Card Industry Data Security Standard, in order to avoid potential penalties, by extending real-time security monitoring to server and application log files. When serious security threats are detected in real-time, alerts will be sent to Symantec security centers. Notification of the threat will be sent to affected customers and security professionals will be available to recommend any necessary remediation steps. The system also allows for customers to take a comprehensive look at their data and correlate information in order to get a complete picture of the security threatscape.

"Traditionally, if there's an attack targeting a customer, you'll be able to see it at the firewall or IDS level, but you may not be able to see it in context if the attack was successful," said Geyer. "Being able to correlate log management security data with IP and firewall gives you a pretty good sense if this attacker is attacking other systems on the network."

"It makes all the difference in the world in trying to determine a serious security event from the things that are benign," he added.

Addressing increasing scrutiny from regulatory bodies, the log management service also includes enhanced and more efficient compliance reporting capabilities. Customers will be able to modify various reports on anything from password change requests to disabled accounts to the number of invalid login attempts. The service then provides the ability for users to log into the portal and update the frequency of reports at their discretion.

"It provides a lot of detailed information on actual activity going on in a system that customers might want to be aware of," said Geyer. "It's not just helping companies comply with industry regulations, but helping them to comply with their own policies."

In addition, new service offers log archiving, which allows the customers to define their own personal log retention requirements according to their own security policies, as well as archive numerous records on their premises without any limitations.

Because the system is managed by Symantec security professionals, enterprises will also receive access to the company's global security experts 24 hours a day for threat monitoring and analysis, which will in turn reduce investigation time and workload for internal IT organizations. For enterprises that prefer not to outsource services, the Security Information Manager appliance allows customers to purchase and essentially build their own security management operation in-house without the added Symantec service.

"We all know that there is increased scrutiny from regulatory organizations. Being able to report on key control objectives is on the mind of every enterprise," said Geyer.