San Jose, CA - April 23 - 25, 2007

Very intense. I have never been to a conference where we received so much information and so much more to learn post-conference.
-Paul Abels, UPS


Additional Course Offerings: Additional courses are available in San Jose on April 25th. Please visit the WhatWorks in Mobile Encryption Summit 2007 page for more information.

The SANS WhatWorks 2007 Log Management Summit

What Works in Log Management for Compliance, Operations and Security

Dates:
April 23 - 25, 2007
Summit Venue:
Fairmont Hotel, San Jose, CA

A special discount rate of $175 S/D will be honored based on space availability. This rate includes high-speed Internet in your room. Make your reservations now; this special rate is only available through April 2, 2007.

NOTE: You must mention that you are attending the SANS Institute conference to get the discounted rate.

Back By Popular Demand:

SANS 2006 Log Management Summit was over-subscribed with more than 280 delegates, and many people urged SANS to bring the Summit to the West Coast. Here's what some of those attendees said about the summit:

  • Focused on real problems and possible working solutions for log management. Good, fast-paced information distribution, typical of SANS. - Bill Eshbach, Independence Blue Cross
  • A great event that provided the information to spawn a fountain of ideas around log management and analysis and the ammunition to sell the ideas to upper management. - Michael Mercier, RBL
  • Getting feedback from various user groups who have already implemented a log management solution and getting to know information about various vendor products at a single event has provided a lot of valuable information. - Suresh, Ford Motor Company
  • The Log Management Summit provided perspective and insight into the log management 'problem' whether you are just getting your feet wet, have been burned by solutions, or are happy with what you've got. - Nicole Pauls, TriGeo

One of the reasons attendees value SANS Summits is the opportunity to hear real stories from those who have fought the war. Gord Taylor from the Royal Bank of Canada says, "It's all about making peer contacts, and learning from them about real problems, real obstacles, and real solutions."

Summit Overview
Audit Standards Driving Log Management Acquisition
  • SOX - Sarbanes Oxley Section 404
  • PCI - The Payment Card Industry Standard
  • HIPAA - Health Insurance Portability and Accountability Act
  • ISO 17799 and ISO 27001
  • COBIT
  • FISMA - Federal Information Security Management Act
  • FIPS 200 - Federal Information Processing Standard: Minimum Security Requirements for Federal Information Systems and NIST 800-53
  • Gramm-Leach-Bliley (GLB)
  • EAL and Common Criteria Evaluation

Regulatory requirements have made log management one of the two fastest growing areas of security. In fact, nearly every major regulation affecting cyber security now demands or implies the need for continuous logging and effective log management — HIPAA, SOX, ISO 27001, COBIT. Even the Payment Card Industry (PCI) standard appears to demand it. And regulations governing information security technology are evolving as fast as the technology itself. Beginning in 2007, for example, a significant motivator for compliance with HIPAA is that "whistleblowers" for violators of the new guidelines may be awarded 15% of any associated fines.

Organizations that have implemented log management systems have found that the systems provide far more value than simply meeting compliance requirements. Their greatest value lies in the improvements they create in your defensive posture. The Summit is designed to help you select the right tools and implement them in ways that ensure you both meet the regulatory requirements and improve your security. And as a bonus you'll hear from organizations that have found they can use log management to improve operational efficiency as well as security.

So even if auditors and regulatory compliance demands are driving you to implement log management, it makes business sense to use that technology to improve security as well. SANS Log Management Summit is the best opportunity to go beyond regulatory demands and ensure your new log management system is doing all that can be done to improve your organization's security.

If you work for one of the more clued-in organizations that are moving ahead to implement automated log management, come learn from the people already using this technology. SANS Log Management Summit focuses on what works well in log management - the best practices.

The Log Management Summit is a user-to-user, non-commercial conference on what works in log management. It is the only place where you can learn about the strengths and weaknesses of competing technologies, where users will share the lessons they learned about what to log and what to keep and what to report.

Register Today to get answers to these key questions and more in Log Management
  1. What specific requirements of HIPAA, Sarbanes Oxley and the PCI standard (and other standards and regulations) make log management mandatory?
  2. How can log management data be culled and normalized so every system administrator gets a daily report summarizing just the things he or she needs to know from the logs?
  3. What specific security events can be flagged through logs and how do you do it? How can advanced intelligence make the information in the logs more valuable?
  4. What are consensus best practices in log management? Which reports are most useful, and how do you create them? How should they be interpreted? How can log management effectively integrate with intrusion detection for maximum value?
  5. What log management and security event management architectures make the most sense in your business environment, with your technological requirements? Which products implement those architectures?
  6. What are the biggest mistakes organizations make when they implement log management systems and how can those mistakes be avoided?
Who Should Attend?
  • Storage managers, database and data warehousing managers, and security managers should attend as a team. Organizations that care about protecting sensitive information need managers who can reliably work together to deploy the right technologies and process to secure that information. Joint attendance at the Summit will go a long way toward getting everyone reading off the same page.
  • Security auditors and incident handlers who need to know the greatest threats to their organizations' data and what needs to be done to protect it.
  • Security architects and CTOs who are trying to determine what technologies and processes are most critical for protecting sensitive information stored in their organizations.
  • Consultants tasked with helping organizations design the right defenses to protect their sensitive information.
Why Log Management Matters

Operating system and application logs are an untapped mine of vital information about the health and well-being of an organization's computer infrastructure. When properly configured, these logs record the day-to-day activity of system users, record administrative changes made by the folks who manage critical production systems, and capture evidence produced by malicious activity. When log management is working, you can review changes to your operational environment made by system administrators and operators. You can see unusual activity from your authorized users, monitor people without credentials who are trying to get in, and track what they are doing when they do get in.

Best of all, with the right logging configuration you'll capture the history of a hacker's activity on your machine, from the establishment of unauthorized accounts to the installation of back-doors, enabling you to quickly isolate and repair affected systems after an intrusion.

All organizations have a responsibility for the contents, protection and ability to produce log files. According to Benjamin Wright, attorney and author of Business Law and Computer Security, "System logs are critical to protect an enterprise under California's Senate Bill 1386. That law requires a holder of personal data to notify the data subject if there exists reason to believe the data's security has been compromised. Clean system logs are the enterprise's proof that it has no reason to suspect a compromise."

The smallest network has numerous devices that generate log data. Servers, routers, firewalls, wireless access points, antivirus systems and most other network components can be set to generate a substantial amount of vital information about the health of the network. Very few companies take advantage of this information; few proactively monitor their system logs, and even fewer have in place the technology and intelligence to efficiently review the logs in the event of an incident. Best practices dictate that logs should be generated, archived and monitored regularly, for oversight of employee activity, as well as for prevention and detection of system outages and security breaches.

Without real log management, organizations are out of compliance and at risk.

How Good Are SANS Summits?

Here's what people who attended the last Summit said:

  • It's great to network with people who share and experience the same problem and pain. The knowledge exchange exploring problems and solutions and futures has given me valuable insight for future planning and implementation of a log management solution. - Rick Genes, Lockheed Martin
  • It's events like this one that set the log standards that others use as their baselines. It's not all about the conference sessions - it's also about making peer contacts. - Gord Taylor, Royal Bank of Canada