Why Using A Log Management Service Might Be Right For You

A growing number of Managed Security Service Providers (MSSPs), such as IBM, Symantec, and Verisign, and other companies, such as Savvis, offer an outsourced service to collect and retain system logs, generally called a log management service (LMS). The initial instinct for many would be to reject outsourcing log management as a crazy thought, but there are some big advantages, and some things to consider.

Compliance and Security

I mentioned in a previous post that system and security logs should be stored on a separate device, where system administrators don’t have access to tamper with the logs.  Many IT organizations don’t have the resources to dedicate an administrator to managing a log system.   Outsourcing the storage of logs creates an immediate and effective separation of duties between the administrators of systems and the log data without the need for additional staff.

Storage and Scalability

Over time, the storage requirements and processing capacity to handle an organization’s logs will grow substantially.  Throw in the requirements to maintain backups and disaster recovery, and maintaining a log infrastructure can be quite costly.  Outsourcing log storage with a log management service provider eliminates the need to account and budget for those issues in-house.  The log management service providers generally have efficient, scalable and redundant systems for handling the load and add capacity when needed, without impacting the customer’s internal cost structure.

Reporting and Analysis Features

Another big advantage of using an LMS is the reporting and analysis functionality that comes with the service. These features are generally not unique, but the service does replace the need to spend thousands of dollars on a log analysis application, and the time and money to maintain such an application.

Things to Think About Before Jumping In

The contract cost from the log management service provider is not the only cost involved. The logs have to get from your systems to the provider’s systems, which consumes Internet bandwidth. The cost impact is entirely dependent on the volume of logs that the organization produces.

An organization considering using a log management service should evaluate the content of the logs that would be conveyed to a third party, and whether sending such data to a third party is acceptable.