Case Study: Log Management and Regulatory Compliance in the Energy Sector

Sph3r3, LLC ( www.sph3r3.com ) provides consulting and situational awareness services for the NERC CIP standards, the SOX Act and HIPAA requirements. Specifically, Sph3r3’s NERC CIP consulting practice provides assessment, architectural and integration services for CIP-002-1 through CIP-009-5.

Sph3r3 reviewed many solutions to support the unique model necessary within the Bulk Electric system requiring ensured high availability, accuracy and response for distributed log aggregation across geographically disparate locations.

“Dorian’s products and support team helped us to meet and exceed our initial audit trail logging and analysis objectives”, said Sph3r3 President and Principal Consultant Matthew Luallen. The solution also ensured non-administrative rights for log file access within Microsoft Windows ® systems. This was an important requirement to enforce the appropriate separation of duties.

The Sph3r3 solution leverages the Dorian software titles Event Archiver ®, Event Alarm ® and the Event Archiver Importer Tool. The solution collects events locally on Microsoft Windows ® systems and remotely from hosts via syslog (IETF RFC 3164) within the Electronic Security Perimeter (ESP).

His system provides the appropriate audit trails automatically to two central monitoring facilities for correlation of cyber, physical and operational events. Once there, the modular architecture of Dorian’s family of log management solutions provides the option of Event Analyst ® for reporting and correlation or the flexibility of choosing an existing in-house tool.

For more on rolling out a similar Dorian Software based solution to meet NERC CIP requirements, or to explore other regulatory compliance scenarios, contact Sph3r3 via www.sph3r3.com.

You can also find out more about the Dorian Software Total Event Log Management Suite ™ at www.doriansoft.com/totalsolution/.