Comments on: Heartland Proves that Log Data is NOT Enough http://blog.eiqnetworks.com/2009/01/22/heartland-proves-that-log-data-is-not-enough/ Perspectives on Security and Compliance Management from eIQnetworks Thu, 29 Oct 2009 15:57:47 +0000 hourly 1 http://wordpress.com/ By: IS Security » Blog Archive » Risk analysis alternatives http://blog.eiqnetworks.com/2009/01/22/heartland-proves-that-log-data-is-not-enough/#comment-14 IS Security » Blog Archive » Risk analysis alternatives Mon, 26 Jan 2009 22:56:25 +0000 http://blog.eiqnetworks.com/?p=65#comment-14 [...] Mike Rothman, former independent who just re-entered the corporate workforce, threw in his own two cents.  The case he uses is a vendor that was complaint with the PCI standard, as many others have, and [...] [...] Mike Rothman, former independent who just re-entered the corporate workforce, threw in his own two cents.  The case he uses is a vendor that was complaint with the PCI standard, as many others have, and [...]

]]> By: Mike Rothman http://blog.eiqnetworks.com/2009/01/22/heartland-proves-that-log-data-is-not-enough/#comment-12 Mike Rothman Fri, 23 Jan 2009 13:16:45 +0000 http://blog.eiqnetworks.com/?p=65#comment-12 Ed, the point wasn't that log data or log management isn't helpful. But it's not going to be sufficient to really stop these kinds of attacks. In many cases the attackers turn logging off, which leaves the organization flying blind - if they are only relying on log data. Logs are critical in investigating issues and gathering information, but many organizations don't take advantage of other data types they are already gathering (in a lot of cases). Ed, the point wasn’t that log data or log management isn’t helpful. But it’s not going to be sufficient to really stop these kinds of attacks. In many cases the attackers turn logging off, which leaves the organization flying blind – if they are only relying on log data. Logs are critical in investigating issues and gathering information, but many organizations don’t take advantage of other data types they are already gathering (in a lot of cases).

]]> By: Ed Chopskie http://blog.eiqnetworks.com/2009/01/22/heartland-proves-that-log-data-is-not-enough/#comment-11 Ed Chopskie Fri, 23 Jan 2009 00:02:31 +0000 http://blog.eiqnetworks.com/?p=65#comment-11 Mike, great post. I think its too early to totally discount log management in this breach. According to the Verizon Business research note that came out last year that analyzed 500 breaches over 4 years, 82% of the time the breach evidence was in the logs. What is clear that just because an org is PCI DSS compliant, doesnt mean that they are safe. Ed Chopskie VP Marketing SenSage Mike, great post. I think its too early to totally discount log management in this breach. According to the Verizon Business research note that came out last year that analyzed 500 breaches over 4 years, 82% of the time the breach evidence was in the logs.

What is clear that just because an org is PCI DSS compliant, doesnt mean that they are safe.

Ed Chopskie
VP Marketing
SenSage

]]>