BETHESDA, Md., April 16, 2012 /PRNewswire-USNewswire/ -- The line between log management and security information event management is starting to blur, according to the SANS 8th annual log management survey of more than 600 IT professionals. In it, 37 percent of respondents report using SIEM systems to analyze and correlate logs.
As they do so, they are experiencing several problems with their log management and SIEM systems: identifying key events from background activity, tracking suspicious behavior, and detecting and preventing advanced persistent threats.
"The data suggest that respondents are having difficulty separating normal traffic from suspicious traffic," says Jerry Shenk, author of the report for the past eight years. "They need advanced correlation and analysis capabilities to shut out the noise and get the actionable information they need. But first they need to get more familiar with their logs and baseline what is normal."
Throughout the years, the SANS Management Survey has become a valuable indicator of what the log management space, and now the SIEM space, should focus on to meet the demands of today's busy networks, adds Deb Radcliff, editor of the SANS Analyst Program.
Full survey results, along with an accompanying SANS whitepaper on the findings, will be released during a two-part SANS webcast series on May 1 and 3, 2012 at 1:00 P.M. Eastern Daylight Time. You may register for the webcasts at the SANS webcast portal.
SOURCE SANS Institute