Having said that, one of the primary problems with our current solutions for tracking changes and enabling audit response is that we just can't make sense of all the data that's being collected. One of the findings in the SANS Log Management Survey for 2010 is that the top two challenges with log management are being able to search through the data and being able to interpret the results. That's no surprise given the mountains of data generated by log management solutions. But it's also alarming because that's the exact value proposition that those solutions are supposed to provide. It's like a car that does everything well except move from one place to another.
There's a better way. In this SC Magazine article titled Answers, Not Data: The Key to Access Security, David Rowe explains that next generation audit solutions need to focus on providing answers and enabling continuous audit rather than stubbornly latching on to quantity of data as the success indicator. Give it a read and please let me know what you think.
No comments:
Post a Comment