In tough neighborhoods, when there's a knock on the door, street-smart people don't unlatch the deadbolt until they know who's there.

In the computer world, log management aims to identify who's clicking on and verify that the person should be allowed access. With smartphones and other devices adding to the access points, IT staffs are working to keep up.

As demands for effective log management have increased, prompted by security and compliance issues, the $1.6 billion FAIRWINDS Credit Union in Orlando, Fla., decided it was time for some new approaches to log management.

“There were a lot of reasons,” said Ted Spero, vice president of technology at FAIRWINDS. “We were using a hardware appliance for log aggregation and log monitoring, and as with any equipment there are limits to the lifetime of a device. We were getting close to the end of the expected life of that particular product.”

Spero said it was time to reevaluate what was out there in the market. The credit union relied heavily on general industry reports and expert analysis, he added.

While FAIRWINDS was dealing with a huge number of logins, at the same time the credit union had a significant amount of local storage so it could cope with that volume. Even so, the credit union did want to consider storage capacity, since at some point there would be a limit.

Responding to what seemed like a simple request would sometimes present a challenge, according to Spero. For example, say an employee left the credit union six months ago. A report is needed showing every time that employee logged in and out of a machine on the credit union's network.

“As simple as it sounds, that kind of request was difficult for us,” Spero explained. “The important thing was to have centralized log management with information from all the devices in one place, and a powerful reporting engine which can generate output not only for regular analysis but also specialized requests.”

Spero said these functions would tie together to produce a pretty detailed management program that can document any incidents found either proactively or as a result of regular monitoring of the log aggregation output report.

Log aggregation also helped when a developer's credentials kept locking him out from work he needed to do. Perhaps there were 50 or 60 servers involved in the project, and it was frustrating to check the logs of each server manually to find the problem. With log aggregation, it's actually very easy to identify the glitch, the credit union discovered.

Overall, Spero sees log management as one piece of a more comprehensive security strategy. Still, it can't be the only tool in the arsenal. At FAIRWINDS the tracking tool works closely with other approaches such as early intrusion detection.

“We monitor very closely all of our member-facing channels such as online banking. We tie that together with virus detection, malware detection and surveillance,” Spero said. “We can see what's happening in real time at an ATM, for example.”

Keeping on top of this, he continued, has a lot to do with sophisticated event correlation and reporting. Most of the logs generated every day are pretty innocuous, and the credit union wants to focus on events that are important. That demands a reporting and analytics engine intelligent enough to understand which log entries are significant.

“The big benefit for us has been enhancing the security of our infrastructure,” Spero said. “Being able to quickly identify any kind of problem so we don't have to do it manually is hugely important to us. The biggest thing, whether it's log management or any other security device, is not forgetting about the big picture.”

The credit union also performs internal vulnerability scans and external vulnerability scans and is starting to go as far as monitoring some of its cloud-based applications proactively on a minute-by-minute basis, Spero said.

Barriers, as well as the costs to maintain log management, are coming down, according to Christian Beedgen, co-founder and chief technology officer at Sumo Logic, a log management and analytics company in Mountain View, Calif.

While there is plenty of information available, the challenge is that information may not be properly formatted, he said, adding that effective log management requires timely collection and interpretation.

“If you look at the past couple years, there are more and more devices, more and more applications, more and more data. It's growing exponentially,” Beedgen said.

“That's a lot of information, a lot of data. Over the last couple years, there's been a move to connect all the logs. The challenge is it needs to be formatted to allow timely collection and interpretation. People have spent a lot of time on this.”

In a paper for security and risk professionals on identity and access management, Eve Mailer, a security and risk principal analyst at Forrester Research, notes that at many businesses, all functions are no longer contained within a company's boundaries.

A credit union, for example, may be sharing information with an external business partner. The credit union wants strict access controls, but it doesn't control the partner's processes. Then there's the issue of cloud applications, which the credit union doesn't directly control.

“We see some companies synchronizing user accounts to external apps on a relatively infrequent schedule through insecure file transfer protocol, or relying entirely on 'front-door' authentication for access to wide swaths of app functionality,” Mailer noted.

“Organizations can lose all visibility into access events whenever users can access a SaaS-based (Software as a Service, an on-line or network-based application) business function through the open Internet from an unmanaged device or network without touching 'home base' infrastructure,” according to the Forrester research paper.
