Log Management

The increasing demand for legally accurate records that meet the rising tide of regulatory compliance has driven the need for reliable, forensically secure log storage. Industry and government mandates dictate that certain types of data needs to be stored intact for specified periods of time. Corporate governance dictates that given types of records be verifiably destroyed after their storage period is complete.

Log Management is a turnkey solution that works seamlessly with SIEM to provide secure storage and full life cycle management of event data. Log Management’s cryptographic storage and military?grade data destruction provide the stability of knowing that you are keeping records in accordance with government policy. With massive internal storage and compatibility with SAN and NAS storage systems, Log Management can manage any volume of data over any span of time. Log Management supports encrypted transport to ensure that the data stored remains unchanged from creation to destruction.

Log Management stores events in raw format in a forensically secure appliance. Events are digitally signed and stored ensuring their admissibility as evidence in a court of law. Log Management allows storage of an unlimited number of events for forensic purposes. Log Management can be deployed in a fashion that ensures optimal “Chain of Custody” management, and is capable of supporting encrypted communications from the originating device where that device supports the ability.

Features

Log Management is a forensically?secure solution to long term storage of raw log data.

Digital Signatures ensure data that comes out is the same that went in
Encrypted Transport ensures chain?of?custody of log data
10:1 Compression saves valuable space
SAN/NAS Interoperability allows for limitless scalability

In addition Log Management features:

  • Compliant data storage
  • Unlimited scalability
  • Seamless integration with SAN and NAS
  • Automated storage reports
  • Analytic tools for forensic investigation
  • Ability to run detailed quarries across years of data
  • Data security time?stamped
  • Data digitally signed
  • AES 3DES Encrypted transport
  • Military?grade data destruction
  • High Performance
  • Optimized for high?capacity data storage and retrieval
  • Stability and Reliability
  • 7×24 Support
  • Data feed for continuous updates
  • Redundancy and high availability

Architecture
SIEM and Log Management architecture has three key components:

SENSORS

Sensors are designed for managing security. Each sensor collects a wide range of information about its local environment, then processes this information and coordinates detection/response with the rest of the distributed components.  An individual sensor includes an arsenal of security technology in a single device. The result, the combined capabilities of numerous detection and control points globally visible with seamless compliance management tools available to operations and executive staff.

Sensors are installed on network segments and in remote locations and can be deployed in an agent or agent-less architecture depending on your requirements. They inspect all traffic and detect attacks through various methods, all while collecting information on attack context without affecting network performance.

The sensors utilize more than ten expert systems that identify attacks along five different axes:

  • Intrusion detection
  • Anomaly detection
  • Vulnerability Detection
  • Discovery, learning and network profiling
  • Inventory management

The sensors locate both known and unknown attacks in real-time. This is possible because of the integration of learning engine and anomaly detection standard in all products.

Vulnerability Detection systems discover and identify latent network threats, correcting them before an attack can occur. This information, stored by the management server, is vital when an attack is in progress. Prior knowledge of vulnerabilities in systems are critical when: assessing the risk associated with an attack, and prioritizing, alerting, and launching countermeasures.

The network information gathered by sensors provide detailed status in real-time in regards to network usage of each host, storing this data for analysis. Every deployment automatically creates a highly detailed usage profile for each element on the network that it is monitoring.

The collectors gather the events generated by the Sensors and any external system. Collectors classify and normalize the events before sending them to the SIEM and Logger. In order to support the maximum possible number of applications and devices, collectors use data source connectors (also called collection plugins):

  • Each connector defines how events generated by each device will be collected and normalized
  • Connectors can be configured using a simple configuration file and regular expressions to define the format of each type of event
  • The collector component can be deployed as a standalone system or included in the sensor or SIEM appliance, depending on the performance need

THE LOGGER

The logger component stores events as a raw format in a forensically secure appliance. Events are digitally signed and stored, ensuring their admissibility as evidence in a court of law. The logger component allows storage of an unlimited number of events for forensic purposes.
Loggers should be deployed in a fashion that ensures optimal “chain of custody” management. The logger is also capable of supporting encrypted communications from the originating device.  The open VPN client that is included with Logger can be used to create a secure channel for events from host sources.

SIEM
The SIEM component provides the system with security intelligence and data mining capacities, featuring:

  • Risk assessment
  • Correlation
  • Risk metrics
  • Vulnerability scanning
  • Data mining
  • Real-time monitoring

The SIEM component uses a SQL database, which stores normalized information, allowing strong analysis and data mining capabilities. SIEM is tuned for high performance and scalability.

Scalability and Performance – Distributed Topologies and Load Balancing.

For large, distributed networks, multiple SIEM, sensor, collector and logger components can be deployed without limit.  The SIEM architecture supports fully customizable, multi-hierarchical, multi-tenanted deployments enabling data from hundreds of thousands of workstations to be easily monitored and synthesized. Responsibility for analysis and storage of information can be assigned on a per node basis, this enables reporting up to a central system, that in turn provides a global view of enterprise information risk at any given moment from a single console.

Benefits

When you are confident that your compliance and governance requirements are met, you can spend your resources focusing on your core business functions. Log Management is the reliable answer to: meet auditing requirements, perform automated storage and manage destruction of records to fit your policy and regulatory environment so you can get back to business.

You do not need to hire a team of forensic experts to have a high level of protection against mandates or threats. Bohn has embedded state-of-the art forensic expertise into Log Management. Data is verifiably collected, maintained and destroyed on your schedule. Included analysis and reporting tools ensure that compliance or legal requirements are easily met including:

  • Full forensic life cycle management from collect ion to storage to destruction
  • Digitally signed and time?stamped
  • Forensic auditing and analysis tools
  • Military?grade data destruction
  • High performance architecture
  • Unlimited scalability
  • Digitally signed and encrypted storage of raw data
  • SAN/NAS interoperability for unlimited scalability
  • Encrypted log transport
  • High performance data capture

True Cloud-Based Log Management Includes:

Fast Deployment. Unlike traditional log management solutions, Log Management is deployed in hours or days (not months) depending on the number of devices to be monitored and services to be deployed. There is no hardware or software installation required.

Audit, Compliance and Reporting. Whether you need to meet PCI, HIPAA, SOX, or other compliance requirements, Bohn provides the tools that you need. With out-of-the-box compliance reports you can easily and quickly generate reports to meet audit requirements saving time, money and valuable resources.

Interoperability.  Designed from ground up for cloud and for a multi-tenant environment, Bohn is based entirely on industry standards allowing organizations to enable Log Management for any device regardless the location and type. With over 3000 collectors out-of-the-box Log Management can collect your log from a Windows system, Cisco device or virtually any other device in your environment with unprecedented interoperability.

Reduced IT Complexity and Cost. Log Management is a true cloud-based offering. There are no IT complexities or expensive hardware or software required. All you need is an internet connection, Bohn will take care of the rest.

On-Demand Scalable Pay-As-You-Go Service, All You Need Is An Internet Connection. Log Management is a service with a pay-as-you-go events-per-second (EPS) subscription model.  Unlike expensive traditional models, there are no perpetual licenses or license fees. Neither are there any hardware or software costs.  It’s that simple. After connecting with your system logs, Log Management takes care of the rest. All you need is an Internet connection. Software upgrades are automatic. The web-based administration allows for automated account management, analysis and reporting. Simple, reliable and effective.

Not Just Log Management, Integrated Modular System Supporting Your Growth.
Unlike other products,  SingleSource platform provides a comprehensive suite of products to address Web SSO, SaaS SSO, identity management, SIEM and log management. Start with Log Management and add other modules later. Manage all your devices from one management console enabling centralized access control.  Bohn provides the same cloud philosophy for all modules in the suite.  How about SIEM?  SIEM complements Log Management by specifically identifying security events, correlate these events based on asset value, security risk assignments and type of threat, among other factors to eliminate false positives, allowing you to focus on real security risks and events.

Proven Technology. 
Bohn technology has been used in large organizations and government agencies supporting very large numbers of devices.  Log Management is designed for cloud use as a multi-tenant, high performance and scalable system based on the latest SOA and web services technologies.  There are no agents to install.