
Attila Kiss - marketing manager
Do you know which data source grows at the fastest rate for today's companies? Video files? Maybe for YouTube, but not for banks, telecommunication companies, or others. The answer is log files. Right, these short text messages can consume terabytes of storage, because every single "thought" of every computer-like device generates a log entry. Computers are becoming faster, there are more of them by the day, and for some reason these logs are becoming increasingly important for organizations. IT is experiencing a huge explosion, but it is an underground boom that no one has noticed yet except for some insiders, even though it will rock the foundations of the entire industry.
Another question: which IT security system will companies spend the most money on in 2008? Antivirus solutions? Firewalls? Oh, no. None of the trendy, over-marketed stuff will be as important for companies as cleaning up their logging infrastructure. According to an Ernst & Young prognosis for this year, the greatest risk for companies - even before the possibility of a global financial crisis - is that their IT system fails to comply with regulatory requirements. And regulations aim at authenticity, auditability, and traceability: these can be achieved by proper log management.
There are developers who have already recognized this trend: IBM is already in the field, HP is busily preparing, and there are the specialists: ArcSight, LogLogic and LogRhythm. But they are all after the big companies, for whom logging was already an important issue. Where are the developers who address the masses, who make efficient tools affordable even to medium-sized companies? Why is Cisco missing from the market? They should be the leaders, but their MARS device reminds us of the past. And what are Microsoft, Symantec, CA, or McAfee waiting for? Where are the developers who will satisfy the currently small, but quickly growing demand?
Well, maybe in Hungary. It seems that at last there is a field of industry where we can take the lead. Several promising developments have matured in this country, and - as we bragged about in an earlier blog post - a significant contribution to the new international syslog standard came from Budapest. Why Hungary? If I want to be sentimental, the most creative minds of the world live here. If I want to be rational, it turned out this way. The conditions were right, and Lady Luck gave a hand.
At first sight, logging infrastructure might seem simple, and log management trivial. This might have been true in the past, but nowadays it is inarguably a process of strategic importance, and not only because of the standards or regulations. Information is power, and you cannot guarantee the security of a large IT system without logs. The idea is simple: collect the logs in a central place, preferably over an encrypted channel. Get proper filtering and archiving. Finally, add some intelligence and analysis capabilities, and you will know what is happening on your network.
2 comments:
Wow, thanks for helping me to convince the world to love logs :-)
MARS is here:
Product Leadership Awards 2008, Network behavior analysis, GOLD AWARD, Cisco MARS:
http://searchnetworking.techtarget.com/productsOfTheYearCategory/0,294802,sid7_tax309969_ayr2008,00.html