So, I have a lot of fun comments from SANS Log Management Summit and too little time to post. Here are some general ones; I will probably go into details early next week.
One fun bit was from a lawyer talk. He suggested that security policies need to be as vague, loose and flexible as possible so that if you are dragged to court, the jury won't find that a) you had a very specific written policy, b) you were aware of it and c) you patently didn't follow it (for whatever reason). Result? Jail time for negligence! :-)
Overall, the conference is probably the most useful one I attended, ever (!) Yeah, there was a boring speaker or two, but overall the quality was awesome and a lot of fun material came to light. In addition, it looks like SANS will be helping with a log standard initiative! Let's see whether this time it will work...
I also did my first vendor panel in my new role of a Director of Product Management. It sure was fun, if a bit stressful at times. Unlike in my previous job, I actually believe in LogLogic technology and can defend it against evil competitors. From the panel and other meetings I realized that while some are still confused about the differences between SIEM and log management, there is a core of people who understand it and either deploy both (if needed) or choose wisely to satisfy their requirements.
Let's see what Richard will blog about the conference :-)