Log On for Compliance
During my testing of LogLogic 3 r2, Ive spent a lot of time studying Payment Card Industry and COBIT, or Control Objectives for Information and related Technology, requirements.
There are so many ways to skin the compliance cat that making a judgment about the best way to do so requires an increasingly intimate knowledge of the law and best-practice guidelines.
In the case of LogLogic 3, I started by comparing many of the reports in the products new Compliance Pack with the requirements listed in PCI requirements documentation.
After figuring out which requirements could be met using log data supplied by my test systems, it was a pretty simple matter to run tests that would then exercise each of the corresponding reports (usually dealing with account creation, account deletion and machine access).
IT managers should have little trouble testing an evaluation appliance from LogLogic because the product is, for the most part, entirely passive.
IT managers who are in the market for a log management tool should become thoroughly familiar with the log processing and compression methods used by a product. For example, the LogLogic LX family parses and compresses data, while the ST family (which we did not test) specializes in storing raw log data.
My review of LogLogic 3 r2 will appear in a forth-coming issue of eWeek and at eweek.com.
Check out eWEEK.coms for the latest news, commentary and analysis on regulatory compliance.