SOURCE: LogLogic

May 31, 2007 11:30 ET

SANS Study Points to Growth in Log Management & Intelligence

Global 2000 Still Failing to Meet Log Management Compliance Regulations

SAN JOSE, CA--(Marketwire - May 31, 2007) - The SANS Institute, in conjunction with log management and intelligence provider LogLogic, today announced preliminary findings of the 2007 Log Management Survey -- slated for public release in June. The survey polled more than 650 IT professionals in government, financial services, banking, manufacturing, healthcare, telecommunications, and education sectors from the North American Global 2000 (G2000) -- Forbes's comprehensive list of the world's biggest companies.

"As we look at the data from SANS's research and our experiences in the medium to large Enterprise market it is apparent that we are looking at a $1 billion (USD) plus market driven principally by new Governance, Risk and Compliance (GRC) requirements," said Chris Brennan, CEO, LogLogic. "As approaches based on homegrown solutions and proprietary tools fail to meet these requirements, Enterprises will move to open log data warehousing solutions capable of easily integrating with their GRC applications -- and delivering intelligence and insight in their own right."

"This study shows that log management and intelligence has moved from a troublesome, daily IT task to a critical activity for IT security, forensics and operations," said Alan Paller, Director of Research at SANS. "Some pioneering enterprises have found ways of making log management into a powerful weapon in fighting back against cyber crime. I hope many more follow their lead to gain maximum benefit and insight from log data."

Key findings surfaced from the survey include:

--  Log data monitoring continues to grow exponentially. Of those surveyed,
    over 61% report using log data to assess IT incidents and minimize downtime
    (an increase of 24% over 2006 survey results).
--  Log data retention is up significantly, but most of the G200 and G2000
    are still failing to meet compliance regulations. Despite regulatory
    recommendations or requirements that logs be maintained for three to five
    years, 11% say they keep log files between 30 and 90 days, 10% retain data
    for six months and 5% less than 30 days. Remarkably, a full 14% say they
    are not sure how long they keep log data, relying on the system default as
    defined by their operating system.
--  Security, while important, is not the prime motivation for log
    management. More than half of those surveyed reported operations management
    and monitoring the health of the network as the prime motivation for using
    log data. 43% indicated compliance with SOX, PCI and other mandates as the
    top priority.
--  The quantity of stored log data is rising. 57% of survey
    respondents store logs from as many as 500 sources.
--  Log files are reviewed multiple times weekly. Log files on security
    devices are reviewed at least a few times a week by more than half of those
    surveyed while 44% review log files for non-security devices at least once
--  Enterprises collecting more logs, but not satisfied with data. More
    people have log servers -- 57% this year compared to 35% last year, so it's
    clear enterprises are trying to get a grip on all this information.
    However, they're still not getting that information digested in useful
    enough ways. One of the indicators is the fact that 63% are not passing
    data on to other groups. Another indicator is that 63% stated that they
    were not satisfied with the data they were getting.
--  Appliance-based solutions lead in large Enterprises. Among the larger
    companies (the Global 2000), 55% are using an appliance-based log
    management solution.

In support of the 2007 Log Management Survey, SANS Institute and LogLogic will conduct a webcast in June to further discuss the results, current logging trends and the future of log management and intelligence.

To receive a preview copy of the 2007 Log Management Survey, visit summary.pdf.

A webcast presenting the results will be held on June 6, 2007. For more information and to register, go to

About The SANS Institute

The SANS Institute is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system -- Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face. For more information, please visit the company's Web site at, or phone 301-654-SANS (7267).

About LogLogic

LogLogic™ provides the world's leading enterprise-class platform for collecting, storing, reporting and alerting on 100 percent of IT log data from virtually any device, operating system or application. LogLogic 4 LX and ST systems address the compliance, operations and risk mitigation needs of the most demanding Fortune and Times 1000 companies globally. LogLogic's innovations include creating the world's first search engine for fast moving IT log data and Compliance Suites that automate using that data to enforce critical controls and regulations. LogLogic has established a position as the market visionary and leader, as evidenced by awards and accolades including Gartner SIEM Magic Quadrant "Leader," 2006 AlwaysOn Top 100 Private Company, Best of Interop 2005, SC Magazine's "Best Computer Forensics," Info Security's "Hot Company 2006," and the Red Herring 100. For more information, visit and
