Security Log Management: Now for SMBs
Smaller organizations are interested in using security logs to detect and prevent unauthorized access and identify employee abuse of the network, creating an opportunity for VARs to offer log management as a service.
By Hailey Lynn McKeefry
Although large organizations long cornered the market on the technology, SMBs have begun to recognize the usefulness of the logs generated by security and network devices, servers, and mainframes.
“Every year, the number of SMBs doing log management is going up,” says Jerry Shenk, senior analyst at the SANS Institute, an information security training, certification, and research firm. “Initially, their biggest challenge was collecting log data, while now it is an issue of interpreting that data.”
In fact, 84 percent of SMBs have one or more log servers, and 42 percent spend “a few man-hours per week” analyzing the data, according to a June 2010 SANS Institute Log Management Survey.
Yet even as they grapple with how to read the logs, small organizations see the opportunity to use security logs to detect and prevent unauthorized access and identify employee abuse of the network, according to the report. These same SMBs want to leverage log data to meet regulatory requirements, perform forensic analysis, and troubleshoot IT problems as well.
This increasing awareness, combined with the time and expertise limitations that are the norm in small companies, provide a huge opportunity for solution providers to add log management as a service offering.
PCI compliance requirements for organizations that take credit cards and a need for forensic data after a security breach often drive SMBs to seek help, says Urvish Vashi, vice president of marketing at Alert Logic Inc., a provider of cloud-based managed solutions for IT security and compliance in Houston. “To be effective, solution providers should access customers around these two pain points,” he says.
For service provider XiloCore, based in Las Vegas, security log management, including running a security assessment and regularly reviewing logs, has become a key part of the disaster recovery and business continuity service it launched three years ago. “In our customers, we see a sense of anxiety over impending security breaches, coupled with concern about affording protection,” says Lester Keizer, XiloCore’s CEO. “These services provide a fabulous opportunity to educate our small business customers.”
In addition, access to security logs can help solution providers identify service, maintenance, and IT expansion opportunities at existing customers to increase their revenues and improve the customer experience.
