SANS Study Points To Growth In Log Management & Intelligence

SAN JOSE, Calif. – May 31, 2007 – The SANS Institute (www.sans.org) in conjunction with log management and intelligence provider, LogLogic (loglogic.com), today announced preliminary findings of the 2007 Log Management Survey -- slated for public release in June. The survey polled more than 650 IT professionals in government, financial services, banking, manufacturing, healthcare, telecommunications, and education sectors from the North American Global 2000 (G2000) - Forbes's comprehensive list of the world's biggest companies.

"As we look at the data from SANS's research and our experiences in the medium to large Enterprise market it is apparent that we are looking at a $1 billion (USD) plus market driven principally by new Governance, Risk and Compliance (GRC) requirements," said Chris Brennan, CEO, LogLogic. "As approaches based on homegrown solutions and proprietary tools fail to meet these requirements, Enterprises will move to open log data warehousing solutions capable of easily integrating with their GRC applications - and delivering intelligence and insight in their own right."

"This study shows that log management and intelligence has moved from a troublesome, daily IT task to a critical activity for IT security, forensics and operations," said Alan Paller, Director of Research at SANS. "Some pioneering enterprises have found ways of making log management into a powerful weapon in fighting back against cyber crime. I hope many more follow their lead to gain maximum benefit and insight from log data."

Key findings surfaced from the survey include:

  • Log data monitoring continues to grow exponentially. Of those surveyed, over 61% report using log data to assess IT incidents and minimize downtime (an increase of 24% over 2006 survey results).
  • Log data retention is up significantly, but most of the G200 and G2000 are still failing to meet compliance regulations. Despite regulatory recommendations or requirements that logs be maintained for three to five years, 11% say they keep log files between 30 and 90 days, 10% retain data for six months and 5% less than 30 days. Remarkably, a full 14% say they are not sure how long they keep log data, relying on the system default as defined by their operating system.
  • Security, while important, is not the prime motivation for log management. More than half of those surveyed reported operations management and monitoring the health of the network as the prime motivation for using log data. 43% indicated compliance with SOX, PCI and other mandates as the top priority.
  • The quantity of stored log data is rising. 57% of survey respondents store logs from as many as 500 sources.
  • Log files are reviewed multiple times weekly. Log files on security devices are reviewed at least a few times a week by more than half of those surveyed while 44% review log files for non-security devices at least once weekly.
  • Enterprises are collecting more logs, but are not satisfied with the data. More people have log servers: 57% this year compared to 35% last year, so it's clear enterprises are trying to get a grip on all this information. However, they're still not getting that information digested in useful enough ways. One of the indicators is the fact that 63% are not passing data on to other groups. Another indicator is that 63% stated that they were not satisfied with the data they were getting.
  • Appliance-based solutions lead in large Enterprises. Among the larger companies (the Global 2000), 55% are using an appliance-based log management solution.

In support of the 2007 Log Management Survey, SANS Institute and LogLogic will conduct a webcast in June to further discuss the results, current logging trends and the future of log management and intelligence.

A webcast presenting the results will be held on June 6, 2007. For more information and to register, go here.

About LogLogic

LogLogic® is the IT Data Management Company. More than 1,250 customers worldwide entrust their most sensitive IT data to LogLogic’s award-winning products. For more information on LogLogic and IT Data Management, visit us on the web at www.loglogic.com or on Twitter or Facebook.

All trademarks mentioned in this press release are the property of their respective owners.

About The SANS Institute

SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face. For more information, please visit the company’s Web site at www.sans.org, or phone 301-654-SANS (7267).

Media Contact

Jenna Boller
Page One PR, for LogLogic
Tel: +1.415.321.2344