With increased compliance requirements, log management has become a hot topic in the enterprise. Various vendors, including security information management (SIM) suppliers, are vying to meet the demand, but Alert Logic says it has a unique solution to the problem: log management via the Software-as-a-Service platform.
Chris Smith, vice president of product marketing at Houston-based Alert Logic, said regulations like the Payment Card Industry Data Security Standard are forcing companies to get a handle on all the logs generated from their servers and network devices. Not only is it difficult to collect logs, but regulations also require log analysis and archival, he said.
Appliance-based log management systems can help streamline the process, but are demanding from a storage standpoint, Smith said. "It's a massive management headache just for the storage alone, not to mention the [log] review."
To that end, he touts the SaaS model as a perfect fit for log management, especially for midsize organizations with limited resources. Alert Logic targets midsize businesses with its on-demand Threat Manager, a combination intrusion protection and vulnerability assessment service.
With Alert Logic Log Manager, an appliance is deployed at the customer site to collect, aggregate and compress log data, which is then sent to Alert Logic's data centers for analysis and archiving. Log data is accessed and managed via a Web portal.
"Instead of having a simple appliance on site and all the data stored there, it's in our redundant data centers," Smith said. Subscription fees for Log Manager start at $1,500 a month for up to 50 log sources.
Jeff Kaplan, managing director of consulting firm THINKstrategies, said there's been plenty of activity in the security sector around managed services, but that companies providing security via the SaaS model, like Alert Logic, are realizing there's a need to put some of the functionality back into the hands of the customer.
"There's a certain managed quality … but they're putting the controls in the hands of the customer, to allow the customer to calibrate how it works," he said. "Customers can get the functionality they need without having to hassle with the software management problems."
A hosted solution is particularly helpful in log management because of the need to archive records that grow exponentially, Kaplan added.
Paul Stamp, principal analyst at Forrester Research, said the main difference between Alert Logic Log Manager and managed log management services, such as those offered by VeriSign, is where the analytics happens. VeriSign's service involves deploying and managing an appliance from a third party, LogLogic, at a client site.
"With Alert Logic, it's a lot lighter touch at the client site, and everything gets backhauled to the service provider's SOC," Stamp said in an email. "While this might not work so well for a huge company with hundreds of millions of events per day, the lack of infrastructure requirements at the customer site will be attractive for a smaller environment."
Dave Shackleford, chief technology officer at the Center for Internet Security and a SANS instructor, said while Alert Logic's Log Manager could be unique from a commercial offering standpoint, he provided a similar log management service when he was with his former firm, Vigilar.
"It's pretty trivial to put a 'log collector' box at a customer site, send the data over a VPN tunnel to a central site, and then analyze," he said in an email. "Alternatively, you could simply configure logging sources to send the data to a remote site as well."