Shulou(Shulou.com)06/01 Report--

With the continuous development of information technology, all kinds of organizations and enterprises have been deeply using information systems. In order to cope with all kinds of security situations under complex conditions (such as ***

In addition, in addition to these dedicated security devices or systems that generate various logs every day, business systems, host systems, network equipment, etc. used by organizations or enterprises on a daily basis will also generate many security-related logs, all of which have the following problems:

n They vary greatly in format and there is no uniform standard

n They are too numerous for users to focus on

n It is difficult to mine the correlation between various logs, so it is difficult to audit

These reasons will lead to log audit work difficult to carry out, so the deployment of centralized log audit system becomes necessary; In addition, the significance of deploying centralized log audit system at all levels of organizations or institutions lies in:

n It is the need of information security management: log audit is one of the most important links in daily information security management; extracting valuable parts from complicated logs is the biggest appeal of all kinds of information security managers, participants and stakeholders, so it is necessary to choose a highly reliable, high-performance and powerful log centralized audit system;

It is the need of the construction of security technology assurance system: a complete information security technology assurance system should be composed of three parts: detection, protection and response, and log audit is one of the indispensable means to detect security incidents. At present, IDS/IPS systems that most information systems rely on can only detect some of the network's most dangerous events, and lack the ability to monitor security events such as illegal operations of operation and maintenance personnel, abnormal system operation, and equipment failure, and these abnormal events are precisely the largest part of the security threats to internal information systems. Log audit system through the analysis of the equipment, systems, applications, databases generated by the operation of logs, can timely detect all kinds of security risks detected by the detection system, and timely give warnings, so as to avoid the occurrence of security incidents;

n It is the need for compliance with various regulatory requirements, such as: Information Security Level Protection (almost all levels require audit functionality), Information Security Risk Management Specifications, Internet-based e-government information security guidelines, Banking Financial Institutions Information System Management Guidelines, etc. In addition, relevant international standards and norms also clearly put forward the importance of information security audit system, such as Sarbanes Act, ISO27001 and so on require enterprises to keep the transportation logs of important systems and equipment, and periodically conduct third-party audits.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.