LogLogic at SANS Network Security Conference

It was standing room only today at the SANS Network Security Conference in Los Angeles.  More than 100 students attended LogLogic's Lunch & Learn entitled "Log Management for the IT Professional."

Chima Njaka, LogLogic's systems engineer dazzled the crowd with a log management product presentation including a live demo.  Want to learn more about LogLogic events?  Click here.

October 25, 2005 in LogLogic News | | Comments (0)

More on our partnership with BlueCoat

SOX Compliance Journal has more on our partnership with BlueCoat. We're providing advanced support for the Blue Coat ProxySG family of appliances, which include the ability to provide ah-hoc, real-time reports on Web caching and Web surfing activity extracted from ProxySG log data. And, you can aggregate, archive, and quickly search unaltered Blue Coat logs to ensure compliance with requirements from Sarbanes-Oxley and HIPAA, as well as legal inquires if needed. Search-filter alerts from Blue Coat logs can also be set up to warn administrators of suspicious or unusual behavior.

October 08, 2005 in LogLogic News | | Comments (0)

Data Leakage in NY

Expect to see this more and more....

Information Leaks Leave University Students Vulnerable

By Eleazar David Meléndez
Spectator Staff Writer  October 05, 2005

A harmless act of procrastination by a Queens College law student inadvertently uncovered what has become a massive headache for hundreds of City University of New York students, employees, and affiliates.
The university rushed to inform CUNY students last week that a security foul-up had compromised their confidential information. As New York Newsday first reported on Tuesday, the student, Googling her own name at a computer in the school’s library, found a set of documents that revealed the sensitive personal information of over 300 students. She told Newsday she recalled screaming, “What the hell is this?” in the middle of the library.

October 07, 2005 in LogLogic News | | Comments (0)

CERT Pushes for Standard Malware Names

Newsfactor Network is reporting that CERT Pushes for Standard Malware Names
The U.S. Computer Emergency Readiness Team (US-CERT) has kicked off an initiative to create common names for Internet worms and threats.
The Common Malware Enumeration (CME) initiative aims to reduce confusion with the general public that is caused by disparate naming schemes for Internet threats.

A recent worm that used a known vulnerability in the Windows operating system, for instance, was referred to as Zotob.E by Symantec, W32/IRCbot.worm!MS05-039 by

Currently, Internet worms are often named using information about the virus or follow a description the author entered when crafting the malware. The new naming scheme uses a CME-number, with the first virus being called CME-1 and so forth.

October 07, 2005 in LogLogic News | | Comments (0)

Compliance Tips from the Pros

SearchSecurity today has some tips to streamline and spearhead your compliance efforts.   

While many of you have undergone the rigors of meeting compliance requirements for Sarbanes-Oxley, some of you are new to the role, or are associated with companies that are just going public and have not previously been subject to this legislation. For those of you lucky enough to have drawn the assignment, the task may seem quite daunting. However, there are a few steps you might want to consider that could help slice sizeable task into manageable servings.

October 05, 2005 in LogLogic News | | Comments (0)

Personal Data Breach Study

Two recent articles site stastics from New York-based global law firm of White & Case LLP who just released the results of a national survey on data security breach notification.   Computerworld's piece says

In a national survey of more than 1,000 victims of personal data security breaches, nearly 20% said they had already terminated their relationships with companies that maintained their data, while another 40% said they might do so. And nearly 5% of those surveyed said they had hired lawyers to seek legal recourse after their data was put at risk.

This SearchSecurity piece states

The goal in all of these laws is to ensure consumers know when they're at risk of fraud and identity theft. But such a measure does not come without consequences. Rather than be grateful for the notice, consumers are angry that the messages are densely written or void of details, and they're terminating relationships and even seeking damages in court.

September 30, 2005 in LogLogic News | | Comments (0)

Compliance Glossary

Here is a great resource for all terms compliance from the folks at Compliance Pipeline. Once you have mastered  your terms, try this quiz.

September 29, 2005 in LogLogic News | | Comments (0)

Links & Blinks:: Sep 28, 05

IT Observer on something very relevant to LogLogic - automation of compliance efforts. We play a key role in automating aspects of any compliance effort concerned with infrastructure and transaction logs:

  • What’s in store for compliance and information security efforts for the second year of Sarbanes-Oxley requirements? Fifty-eight percent of financial executives recently surveyed say improving the monitoring, structure, and vetting of their compliance controls is now a top priority. Half also plan to thoroughly vet existing business processes, and 43 percent want to further automate manual controls, especially for compliance-related reconciliation and security procedures.

September 28, 2005 in LogLogic News | | Comments (0)

Information Protection

With Port Authority, we've been speaking to the issue of information protection. Log management and intelligence plays a critical role in protecting information and mitigating risks. Take a look at our recent web cast for more.

InformationWeek reports that messaging reportedly makes financial industry vulnerable to compliance breaches:

“In an industry where protecting intellectual property plays a key role in the health of the business, it is troubling that more than 75 percent of the employees surveyed felt that it would be easy to send proprietary information outside of the company,” said Orchestria CEO Bo Manning. “As technology advances and more channels of communication are accessible in the work place, the potential for breaches will only increase.”

A systematic approach to log management and intelligence, with automated alerting and reporting on 100% of log data - not just the 4% or less that most SIEM solutions address - is a critical best practice for any IT organization looking to fill this hole.

September 27, 2005 in LogLogic News | | Comments (0)

New Loggies

We've been growing the team here at Log Logic. New Loggies are Andrew Lark, chief marketing officer and Tony Chang , vp of engineering. Welcome to both - they'll be posting here soon. Here is what Chris had to say:
 “LogLogic continues to attract world-class talent, underscoring the excitement and interest in the market for our groundbreaking solutions,” said Christopher D. Brennan, president and chief executive officer at LogLogic. “Driven by compliance, security and risk mitigation, enterprises of all kinds are standardizing and automating their log management processes – from storage and reporting to proactive alerting on security and other issues. The automation, search and analysis of all this data can be characterized as ‘log intelligence’ for executives, and provides compliance conformance and risk mitigation for an enterprise.”

September 22, 2005 in Log Management & Intelligence, LogLogic News, Security | | Comments (0)