Friday, April 22, 2011

SANS 7th Log Management Survey 2011 is [Almost] OUT

SANS is almost ready with their 7th Annual Log Management Survey, which would be unveiled at two SANS webcasts on April 25 and April 26 (both at 1PM EST / 10AM PST). The SANS log management survey is a useful measure of what organizations do with logs and how it changes year over year. SANS states that “organizations still want better access to their log data and better integration with third party security software and their SIEM systems and their Windows logs.”

I am allowed to share a few (very few!) bits from a report, but expect full analysis from me when it officially comes out. So:

  • Collection has dropped way down among the most challenging tasks related to logs – now categorization, reporting, analysis and other higher level tasks show up as top challenges (good news!)
  • Alerting / detection again trumps search / investigations as far as basic log use cases are concerned (it is definitely very interesting since post-incident search requires much less tuning than alerting)
  • PCI DSS still rules the roost of “logging for compliance”… which mandate is #2? Well, wait for the survey to come out Smile
  • Windows logs still spell “t-r-o-u-b-l-e”, even after Windows Vista and new XML logging (only 10% are happy with it…): “analysis is the top problem that organizations have with Windows log management.” And Snare agent still rules.

Enjoy the webcasts and the report next week!

Possibly related posts:

Dr Anton Chuvakin