According to Gartner in certain scenarios, ‘centralized log management for security event monitoring is having a renaissance’

New York, February 6, 2017 Balabit, a leading provider of Contextual Security Intelligence (CSI) technologies, today announced that it has been identified as a representative vendor in a Gartner report entitled:  ‘Use Central Log Management for Security Event Monitoring Use Cases’ .  The report focuses on the role of Central Log Management (CLM) in improving threat monitoring and detection, and recognizes the challenges of fragmented or incomplete log management environments.  It also looks at the factors that can hamper Security Information and Event Management (SIEM) deployments such as training and licensing models, and examines use cases where CLM can help organizations to maximize the return on their SIEM tool investments.

Regarding the current log management challenges organizations face, Gartner’s report states: “…At the other end of the spectrum, enterprises that have started their SIEM journey usually end up in one of two places: underinvested in their initial implementation and having to find budget to increase capacity to meet their use cases, or overlicensed and being stuck paying higher maintenance costs to the SIEM vendor for years for that unused capacity.”

Balázs Scheidler, Balabit co-founder and CTO comments: “The report recognizes given particular scenarios, the importance of a centralized log management for security event monitoring is having a renaissance. This is something that we have been advocating for more than 16 years. For many organizations, the resource constraints, coupled with the budget and expertise requirements for successful SIEM deployments can mean that they don’t always meet expectations. Added to that, there are often unknown costs to factor in, particularly when SIEM costs are based on the volume of data processed.”

The report includes recommendations from Gartner that security and risk management leaders responsible for security monitoring and operations should pay attention to:

 - Use a CLM tool to address security monitoring and compliance use cases where there are insufficient resources or budget for a SIEM or for managed security services.

 - For midsize organizations, look to use existing IT and network operations log management tools to collect and manage security event logs.

 - Consider a multitier approach using a CLM tool when planning a SIEM deployment to avoid overutilization, and overlicensing, from the start.

 - Use a CLM tool to better manage your existing SIEM tool investment if your organization has an existing SIEM solution that cannot scale its collection and analysis capabilities due to budget constraints.

 

Scheidler continues: “There are ways to optimize SIEM investments, to lower the total cost of ownership and to improve incident response capabilities.  Analysis for security alerts is only as good as the information that is received from logs. By filtering irrelevant data and classifying messages before they are fed to SIEM solutions, organizations can reduce the costs of their SIEM investment and process structured and unstructured data across their IT environment. For some of our customers, we are reducing their SIEM licensing costs by as much as 40%.”

Balabit’s syslog-ng collects, processes, and transfers logs from a wide variety of sources and securely stores the data or forwards it to analytic tools such as SIEM. More than a million users worldwide trust syslog-ng to deliver log data from across their IT environments. Whether it’s deployed as a software or as a turnkey appliance, syslog-ng supports the use cases most frequently mentioned by clients to Gartner: improving foundational security capabilities in the absence of other means and augmenting new or existing SIEM deployments or service engagements. 

 

Gartner Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

  

About Balabit

 Balabit - founded in Budapest, Hungary - is a leading provider of contextual security technologies with the mission of preventing data breaches without constraining business. Balabit operates globally with offices across the United States and Europe, together with network of reseller partners. Balabit’s Contextual Security IntelligenceTm platform protects organizations in real time from threats posed by the misuse of high risk and privileged accounts. Solutions include reliable system and application Log Management with context enriched data ingestion, Privileged User Monitoring and User Behavior Analytics. Together they can identify unusual user activities and provide deep visibility into potential threats. Working in conjunction with existing control-based strategies, Balabit enables a flexible and people-centric approach to improve security without adding additional barriers to business practices.

Founded in 2000 Balabit has a proven track record, with 23 Fortune 100 customers and more than 1,000,000 corporate users worldwide.

For more information, visit www.oneidentity.com, or follow on Twitter via @OneIdentity, LinkedIn or Facebook.

# # #

The syslog-ngTm, the syslog-ng Store BoxTm, the Shell Control BoxTm and the BlindspotterTm as well as the BalabitTm names are trademarks of Balabit S.A. All other product names mentioned herein are the trademarks of their respective owners.

 

Media contact

Andrea Ipolyi
Balabit PR
+36-1-398-6700
andrea.ipolyi@balabit.com

Anonymous
Related Content