LogLogic and SANS Announce Fourth Annual Log Management Market Report

Log management awareness and adoption soar in 2008

SAN JOSE, CA – June 10, 2008 – The SANS Institute, the largest source for information security training and certification in the world, in conjunction with log management leader LogLogic® today announced the release of the 2008 SANS Log Management Market Report. The survey polled IT professionals from organizations ranging in size from large Global 200 enterprises to small businesses with fewer than 50 employees about their logging practices.

The survey indicates that companies are using their log data for detecting and analyzing security and performance incidents, minimizing downtime, compliance reporting, and forensics.

Other key findings surfaced from the survey include:

  • Record numbers of companies are adopting log management. The percentage of organizations with log servers continues to increase from 38% in 2006 to 75% in 2008. According to this year's survey, 80% of organizations are now collecting, and 67% are archiving logs.
  • Awareness of log management is achieving mainstream adoption. In the 2007 survey, 59% of respondents chose "No clue, we look at logs as needed or when there is an issue." In 2008, only 14% chose that option. This is a strong indication of a growing awareness of the need for log management.
  • Log management appliances are growing in popularity. The use of log analysis appliances is up from 10% in 2007 to 19% in the 2008 survey, demonstrating that vendor-based solutions in general and appliance-based solutions specifically continue to gain popularity.
  • Compliance mandates longer log retention periods. In the 2005 survey, only 2% of companies surveyed stored their logs longer than one year. In this year's survey, 35% of companies stored their logs for a year or longer. The retail segment seems to be the most affected by compliance issues. Some 71% of respondents in the retail segment, under new and evolving PCI DSS standards, said that their log retention policy was driven by compliance. Some 66% of healthcare respondents also ranked regulatory drivers as their reason for retaining log data.
  • Log management drivers go beyond regulatory compliance. Despite the emphasis that regulations place on tracking and managing logs, respondents ranked security and performance alerting, information asset protection and system maintenance before compliance reporting.
  • Adoption and drivers are independent of company size. Mid-market companies lag only modestly to Global 2000 companies in their adoption of log servers. Drivers for log management adoption are also consistent between mid-market and Global 2000 companies, with larger companies placing somewhat more emphasis on compliance and mid-market companies valuing automated troubleshooting.
  • Collection is the biggest log data pain point. More than half of survey respondents ranked collecting logs as their most critical challenge in the log management lifecycle, followed by searching and reporting, sharing log data and maintaining chain of custody information on log data.

"The SANS survey validates that log management is not only a regulatory requirement, but that it has also become a best practice for both security and performance management across mainstream Global 2000 and mid-market companies," said Dominique Levin, EVP Marketing and Strategy at LogLogic. "Unfortunately, collecting logs from a myriad of sources can be extremely complex and it's even harder to extract, analyze and report on log data in a meaningful way without automation. It is therefore no surprise that budgets for log retention and analysis in general and log management appliances specifically are up sharply."

"This year's survey demonstrates that organizations are collecting more data and want to use it for risk management, compliance and IT operations purposes, but such capabilities are limited due to lack of common formats between logging systems in proprietary and commercial applications," said Deb Radcliff, Editor, SANS Analysts Program. "Log management vendors are doing better in these areas, but as organizations demand more, vendors will need to continue making improvements in log collection, analysis and storage to help enterprises meet their risk management, response, and compliance needs."

About The SANS Institute

The SANS Institute is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face. For more information, please visit the company's Web site at www.sans.org, or phone 301-654-SANS (7267).

About LogLogic

LogLogic® is a visionary leader in log management for business operations, security and compliance for the most demanding global enterprises as well as mid-market companies. The LogLogic family of LX-ST and MX appliances address the compliance, operations and risk mitigation needs for collecting, storing, reporting and alerting on 100 percent of IT log data from virtually any device, operating system or application. LogLogic's innovations include creating the world's first search engine for fast-moving IT log data, the first open log management platform and API, and Compliance Suites for PCI, SOX, HIPAA, and other mandates that automate using log data to enforce critical controls and regulations. LogLogic received four and half stars out of five from SC Magazine's forensic tools review in 2008 and was named a Deloitte Technology Fast 50 Rising Star in 2007. For more information, visit www.loglogic.com and http://blog.loglogic.com.

LogLogic disclaims any interest in the trademarks of others.

Technorati : Compliance, Log Management, Log Management & Intelligence

Posted June 10, 2008 6:00AM