SIM/SEM — security information management or security event management — often is characterized as being log correlation and analysis. LogLogic entered the market as an early player and focused on log management. That is still, five years later, where the company puts its efforts. While log management in the early days was largely a correlation and collection exercise, the LogLogic approach, according to company visionaries, targets what they refer to as operational
analytics and log management.
The notion of operational analytics adds a significant element of context to the usual log collection, aggregation and correlation exercise. The company is evolving, in part, because of its history and where that has led it. Founded in 2002 as a response to explicit customer needs, LogLogic continues to develop based on what it calls “customer-led innovation.” Operational analytics is an example of customer driven requirements. This concept adds depth in areas, such as forensics, to typical event and information management.
The close customer ties also allow the company to see subtle shifts in market needs before they become significant. This results in a proactive response. It has taken the company’s thinking away from focusing solely on security to an expanded view of the enterprise environment as a whole. According to the vendor, the primary driver (no surprise here) is compliance.
This driver has shaped LogLogic’s thinking and, as a result, the LogLogic product is built on an extensible architecture with a web services application programming interface (API) that opens the platform to interactions with other products on the enterprise without building dedicated connectors one at a time. If a user wants an interface to a particular product that LogLogic does not yet support, all that is necessary is to build an application that connects to the API.
This heavy reliance on customer-led innovation has resulted in creating products based on customer use cases.
We use the LogLogic tool in the SC Lab for analyzing our attack scenarios because it allows us to bulk-load test log data from a variety of sources. With this capability we can accept test data as individual files where we cannot get live feeds. This flexibility lets us have what amounts to a network offline analytical tool that really doesn’t care where it gets its data input.
AT A GLANCE
What it is: A log management and operational analytic tool
Vendor LogLogic – www.loglogic.com
Cost: contact LogLogic; based on configuration
Innovation: Heavy reliance on customer-led innovation
What we liked: Flexibility