Using Logs for Security & Compliance: Part 2

This 3-part series explores the critical role logs play in maintaining regulatory compliance, provides specific examples of known events to look for, and explains how to evaluate different compliance tools. To download the free 24-page white paper, click here.


Logging for PCI Compliance

For organizations looking to achieve and maintain PCI compliance, requirements related to the secure retention of log data are common.

The secure retention of log data is critical for a variety of reasons. Aside from being a mandatory requirement of many regulatory compliance standards, it is estimated that it often takes a company more than 200 days to realize its environment has been compromised. Upon identifying a breach, reviewing log data from the last 6 months or year is often necessary to assess the full impact of the breach. Intruders are also likely to look for ways to cover their tracks, making breaches harder to identify. If an intruder can gain access to and manipulate log data, important evidence can be erased.

Below is an excerpt from our latest white paper that explores guidelines for securely retaining log data.


The following is an excerpt from Using Logs to Address Compliance Standards.


Logging for PCI Compliance: Secure Retention

Secure Retention

All compliance regulations dictate that logs must reside in a secure, centralized location. The integrity of logs is vital, so it must be provable that they are unaltered after collection. Most compliance regulations also specify how long logs must be stored. For example, PCI DSS requires that logs remain searchable for up to 3 months and are retained for up to 1 year. A log management tool can be used to consolidate all log events into a single, secure location. For example, a hosted log management service can help in the following ways:

  • Store all logs remotely, separate from running systems
  • Maintain an unaltered copy of log data to compare against local logs
  • Offer direct integration with Amazon S3 for long-term storage
  • Collect and centralize data from applications, systems and formats, including:

    • Applications
    • Workstations
    • Servers
    • Databases
    • Networks
    • Firewalls
    • Routers
    • Hosted Platforms

User Permissions

When working within a team, it may be necessary to give other team members access to your log management tool for search and analysis. When doing so, it’s important to consider whether the team members should be able to make changes to your log management tool. In general, a log management tool should:

  1. Prevent any user (including admins) from deleting logs.
  2. Offer role permissions to prevent non-admins from changing which logs are collected or stored.
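The two excerpts above describe properties of a log store rather than code: collected logs must be provably unaltered, a remote copy should be comparable against local logs to spot erased evidence, and no role (admins included) may delete entries while only admins may change what is collected. The following added example, which is not from the white paper or from any log management product, models a hosted store that has those properties. It uses an HMAC hash chain keyed with a hypothetical secret that only the archive side holds (ARCHIVE_KEY), a role table that simply never grants "delete", and a comparison of the archived copy against a local log from which an entry has been removed. All event lines and the key are constructed for the demonstration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample events (illustrative, not real traffic).
SAMPLE_EVENTS = [
    "2024-01-10T12:00:01Z fw01 DENY tcp 10.0.0.5:51234 -> 203.0.113.9:445",
    "2024-01-10T12:00:03Z db01 login user=app_rw result=success",
    "2024-01-10T12:00:07Z web01 GET /admin 403 client=198.51.100.23",
]

# Hypothetical secret held only by the remote log service. A host that is
# compromised later cannot forge digests because it never had this key.
ARCHIVE_KEY = b"constructed-demo-key-not-for-real-use"

# Roles are deliberately incomplete: no role, not even admin, carries "delete".
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "analyst": {"search"},
    "admin": {"search", "configure_sources"},
}


def authorize(role: str, action: str) -> bool:
    """True if the role may perform the action; 'delete' is never grantable."""
    if action == "delete":
        return False
    return action in ROLE_PERMISSIONS.get(role, set())


def chain_digest(prev_digest: str, line: str, key: bytes) -> str:
    """HMAC over (previous digest, line): each entry commits to all entries before it."""
    msg = (prev_digest + "\n" + line).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


@dataclass
class RemoteLogStore:
    """Append-only, hash-chained store standing in for a hosted log service."""
    key: bytes
    sources: Set[str] = field(default_factory=set)
    entries: List[dict] = field(default_factory=list)

    def append(self, line: str) -> dict:
        prev = self.entries[-1]["digest"] if self.entries else "genesis"
        entry = {"seq": len(self.entries), "line": line,
                 "digest": chain_digest(prev, line, self.key)}
        self.entries.append(entry)
        return entry

    def verify_chain(self) -> Optional[int]:
        """Recompute every digest; return the seq of the first altered entry, else None."""
        prev = "genesis"
        for e in self.entries:
            expected = chain_digest(prev, e["line"], self.key)
            if not hmac.compare_digest(expected, e["digest"]):
                return e["seq"]
            prev = e["digest"]
        return None

    def search(self, role: str, needle: str) -> List[str]:
        if not authorize(role, "search"):
            raise PermissionError(f"{role} may not search")
        return [e["line"] for e in self.entries if needle in e["line"]]

    def configure_sources(self, role: str, sources: Set[str]) -> None:
        if not authorize(role, "configure_sources"):
            raise PermissionError(f"{role} may not change which sources are collected")
        self.sources = set(sources)

    def delete(self, role: str, seq: int) -> None:
        """Exists only to show the refusal path; it succeeds for nobody."""
        raise PermissionError("log deletion is not permitted for any role")


def missing_locally(store: RemoteLogStore, local_lines: List[str]) -> List[int]:
    """Seq numbers of archived lines that no longer appear in the host's local log."""
    local = set(local_lines)
    return [e["seq"] for e in store.entries if e["line"] not in local]


def demo() -> dict:
    store = RemoteLogStore(key=ARCHIVE_KEY)
    for line in SAMPLE_EVENTS:
        store.append(line)
    # Scenario from the text: a local log entry has been erased after the fact.
    local_after_wipe = [ln for ln in SAMPLE_EVENTS if "DENY" not in ln]
    # Separate scenario: the archived copy of entry 1 is edited; the chain must notice.
    tampered = RemoteLogStore(key=ARCHIVE_KEY)
    for line in SAMPLE_EVENTS:
        tampered.append(line)
    tampered.entries[1]["line"] = tampered.entries[1]["line"].replace("success", "failure")
    return {
        "intact": store.verify_chain(),              # None: untouched chain verifies
        "tampered_at": tampered.verify_chain(),      # 1: first entry whose digest fails
        "erased_locally": missing_locally(store, local_after_wipe),  # [0]
        "admin_can_delete": authorize("admin", "delete"),            # False
        "admin_can_configure": authorize("admin", "configure_sources"),  # True
        "analyst_can_configure": authorize("analyst", "configure_sources"),  # False
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that tamper evidence comes from two independent places: the keyed chain proves the archive itself was not edited, and the archive-versus-local comparison surfaces entries an intruder removed on the host, which the host's own logs could never reveal. Keeping the HMAC key off the monitored systems is what makes the first property hold even after a host is compromised.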



Want to download the 24-page white paper for free? Click here to download.

Posted in Security
