COMPLIANCE EFFORTS STALL WITH LOG DATA REPORTING REQUIREMENTS
Dorian Software Boosts Custom Log Reporting Capability In Response
For immediate release
6/23/2008 - Atlanta GA
June 23, 2008, Atlanta, GA – Whether it be HIPAA, Sarbanes-Oxley, NERC-CIP, or PCI DSS, many IT organizations are working toward some compliance standard. And though most understand the general goal toward which an IT organization is moving in such an effort, the devil is in the details. Nowhere is this more obvious than in the area of event log management.
Though there are a number of similarities in the types of log data being sought for auditing purposes across standards, different auditors have different interpretations of the standards themselves. Then, with different business types and models often being affected by the same standard, there isn’t a specific one-size-fits-all group of log data and set of trackable events that applies across the board. Throw in the myriad possible network configurations, and custom-reporting capability for log files is practically a requirement in any compliance strategy.
Staff of Dorian Software Creations, Inc. report that feedback from auditors and end users doesn’t reflect a consistent data set being sought from log file information. As a result, their conclusion regarding “one size fits all” log management packages is simple: Relying on any one “canned” report package for compliance is both risky and unwise.
In response, Dorian Software Creations, Inc. has beefed up its custom reporting capability in the latest release of its Event Analyst® software (http://www.doriansoft.com/eventanalyst/) to better enable auditors and administrators to access the data they require.
As an example of the importance of modularity and flexibility in reporting, consider the category of Object Access auditing on the Microsoft Windows® platform. Is it enough to simply track the number of times particular users touch a particular file over time? Or, must each independent access to a file be documented, including the access rights used to open the file at that time? Do different file servers for different departments - marketing versus finance, for example - need to be audited and reported against differently? Must the actual program used to access those files originally be documented after a forensic incident?
Unfortunately, compliance demands placed on companies are ramping up just as they are starting to deploy Windows Vista™ and Windows Server® 2008, with its completely new logging format - the EVTX file. Network administrators are learning the hard way that the new EVTX format on the Windows Vista or Windows Server 2008 machines cannot be opened on legacy Windows XP® and Windows Server 2003 platforms. Even more challenging is the inconsistent behavior displayed by the built-in Event Viewer in Vista and Server 2008 when it is used to review down-level EVT files from legacy systems.
Given the radical changes to the EVTX format over its EVT predecessor - including the complete renumbering of security event identifiers - it is a foregone conclusion that previously designed automation in log management appliance and software products will be broken.
Dorian, however, is banking on its expanded custom report capability and its LogRefiner™ technology to get reliable results. In 2007, Dorian Software launched its proprietary LogRefiner technology well ahead of the wider public’s adoption of the EVTX format. Already incorporated into Dorian’s patented Total Event Log Management Solution™ lineup, LogRefiner technology is intended to help organizations work with the EVT and EVTX logs side-by-side.
The latest release of Event Analyst - version 7 - provides an even stronger union between templated reporting and custom reporting of both EVT and EVTX log formats.
Until more specific universal standards in compliance are established for reporting log data, Dorian Software Creations will continue to focus on modularity, flexibility, and empowering administrators and auditors to easily design what they’re looking for.
Dorian Software Creations, Inc. also provides white papers at no charge to aid with compliance-driven implementations of its log management software, as well as the challenge of the new EVTX logging format. For more information, visit http://www.doriansoft.com/compliance and http://www.doriansoft.com/EVTX respectively.
For more information on Dorian Software and its patented Total Event Log Management Solution, visit http://www.doriansoftware.com. Dorian Software can also be contacted by phone at 1-866-682-3646 in North America.
Copyright © 2001-2008 Dorian Software Creations, Inc. UltraAdmin, Total Event Log Management Suite, LogRefiner, and the Dorian word mark are trademarks or registered trademarks of Dorian Software Creations, Inc. Microsoft, Active Directory, Microsoft Windows, Windows Server, and Windows Vista are trademarks or registered trademarks of the Microsoft Corporation. All other trademarks are the trademarks of their respective companies