Why manage more event data?
Some companies are already experiencing a need to store and manage greater volumes of event
data. Other companies do not have or are not yet aware of this need. For those who believe they do
not have a need to manage large volumes of event data, this section will either help confirm that
conclusion, or change that perception.
The following are the main drivers for increasing volumes of event data.
Increased sophistication of external security threats
As companies enhance their ability to prevent and detect external threats, those posing the threats
also get more sophisticated. External threats are increasing in complexity and length of duration. The
time for completion of a successful attack has extended from hours, to days, to weeks, and in some
cases to months. The ability to detect such threats is directly limited by the time range represented by
the event data available for analysis. To keep pace with the ever increasing time range of attacks,
security managers must have access to greater volumes of event data encapsulating the greater
periods of time required for an attack to unfold.
Increased sophistication of internal security threats
Internal security threats are often more serious and costly versions of external threats. The person
orchestrating an internal attack has more information, some authorization at access points, and more
awareness of the value of corporate assets, more knowledge of IT infrastructure and most importantly,
more time. Historically, security management has been mostly focused on external threats―even
though the greatest financial and legal risks come from inside! To detect internal threats, one has to
analyze event data over a longer period, and that analysis must include both authorized and
unauthorized access events. Access to event data is crucial for any company hoping to strengthen its
ability to manage internal security threats.
Compliance with government regulations
To comply with government regulations, companies face legal mandates regarding the quantity and
quality of event data that must be captured, stored, and made accessible. This relationship between
compliance and event data results in increased needs for event data accessibility and storage.
Some of those needs are:
• There must be no time gaps in event data.
• Event data for all related assets must be available.
• All original event data must be available, which means there should be no filtering, interpretation,
or aggregation.
• A chain-of-custody for event data must be shown.
Event data can be considered forensic evidence for some future criminal action. Any missing or
filtered event data will be considered contaminated evidence. It would render the entire set of
available event data both suspicious and inadmissible. Compliance legislation such as Sarbanes-Oxley and Gramm-Leach-Bliley acts affect all corporations. Other compliance laws such as HIPAA,
FFIEC, FISMA, NISPOM, DCID, and VISA CISP, affect specific vertical industries. The scope of
compliance varies from business to business, but all companies are required to comply with some
level of regulation. Many government compliance mandates are beginning to require enterprises to
store and analyze greater volumes of event data over long periods of time.