Log management, reporting and forensics tool
Global DataGuard has released version 3.4 of its Firewall/Syslog Module technology to provide increased storage; up to 1.5 terabytes of onboard storage; search capabilities for locating and analyzing specific log events over vast periods of time; and log parsing and alerting. The FSM offers visibility into IT operational efficiencies, detection of potential security breaches, provides forensic capacity, and enables corporate accountability.
With the FSM, all log files are analyzed by customer-specified rule sets and then retained for reporting and forensics. Detected policy violations or activities of interest result in alerts on the unified management console for further analysis, incident response and ticketing. In addition, the FSM:
- Collects, normalizes, aggregates, compresses and encrypts log data from disparate 3rd party routers, switches, firewalls, IDS/IPS, AV, SPAM/spyware, Windows, UNIX and Linux systems and associated applications
- Adds necessary resources, services and applications to a Whitelist to ensure that critical network ports and services are never accidentally blocked
- Provides search and parsing capabilities
- Allows the customisation of the severity of log alerts
- Enables users to define their own custom online SLA within the Global DataGuard Security Alert Response Procedure (SARP)
- Automates the production of reports and enables 24/7 online access, via the Enterprise UTM++ monitoring console.
The FSM was originally designed to address PCI DSS requirements through log file harvesting, parsing and alerting. It:
- Enables logging for all events, with data on user ID, customizable groups, type of event, date and time, success or failure indication, origination of event, and identity of the system component
- Provides 1.5 terabytes of storage
- Ensures that viewing of audit trails is limited to those with a job-related need
- Protects audit trail files from unauthorized modification
- Makes log data accessible through a local NAS partition.
The FSM integrates with all of Global DataGuard’s Enterprise UTM applications. The Firewall/Syslog Module is priced at $30,000 in the U.S., and it can be leased with turnkey managed services for $2,815.00 per month.