Latest News from Bill Roth

  • New Research: Guy Churchward on Security Management in a Virtual IT World

    From our Friends at MGI Research:



    New Research Report: 20 Questions with LogLogic CEO Guy Churchward, focuses on the key issues that are shaping the market for IT security management tools. Guy is one of the more technically competent enterprise technology CEOs we have spoken to in recent history. He is also someone who keenly understands the holistic picture of what is needed to make a tech company successful in the current market. Guy's in-depth 20 Questions session with MGI's Managing Director, Igor Stenmark, focused on how the transitions from physical to virtual and from in-house to cloud-based are impacting user and product requirements for security management, on the interplay between internal and external security threats, and on how users are coping with exponentially growing amounts of IT infrastructure and applications data.




  • The Duqu Worm—As troublesome as Stuxnet?

    Today, Symantec announced its latest discovery, Duqu. Quite ominously, it is being called the precursor to the next Stuxnet, an attack that is often considered the most complex of this decade. In fact, activity is still being linked to the Stuxnet team.

    So what kind of havoc is Duqu wreaking? According to the Symantec report, essentially the Duqu worm (called that because it creates files with the file name prefix “~DQ”) is logging keystrokes and using encryption assets from Taiwanese certificate authorities to encrypt and extract payloads. So far, only a few sites are known to have been attacked by the Duqu code. Still, certificate authorities are being encouraged to check their systems and inventory to confirm that they have not been compromised.

    What is alarming is just how similar Duqu is to Stuxnet. The infection model and just about everything else is the same—there is just no need for a nuclear centrifuge this time. Organizations that have a solid logging infrastructure on their network would clearly notice connections to unknown, foreign hosts. This would be a dead giveaway that you have been hacked. People who do not monitor their networks with a log management infrastructure are like the homeowner who buys fake surveillance cameras for their house…and still gets ripped off.




  • The Future of Log Management and Smart Grid Technology

    With the many log formats involved with Smart Grid, many energy companies are searching for a way to centralize the collection of logs, regardless of data format. A centralized log management tool, such as LogLogic, is seen to be an ideal way to collect and correlate security events and make responding to security events more efficient.


    “Down the road, we’re looking at instrumentation and monitoring of the various substations and the lines themselves, as well as home area networking with automated monitoring of major appliances, air conditioning, thermostat, etc.,” says an operations manager. “And if you figure four or five devices per Smart Meter, at that point we might be looking at 50 or 60 million plus devices on the network that need to be monitored and individually analyzed – so our data sets are growing rapidly.”


    Establishing consistent standards for logging structure, formatting and event numbering is a common concern to all utilities and energy companies, and all agree that the process will take time. “It took healthcare decades to establish a standardized reporting architecture, and we’ll probably have to go through the same process,” says one security manager. “And it may even require some application of NERC CIP reporting requirements down to distribution to force that in some manner or other, but we’re nowhere near that far down the pike in the Smart Grid space.”


    Smart Grid is still in its infancy, with a great deal of growth and change in its future. LogLogic, and IT data management principles in general, are already helping companies to more efficiently handle security and operations events across their networks. With time, this is likely to increase as regulations and compliance initiatives increase, and energy organizations deploy Smart Grid initiatives throughout their organization.


    If you’d like to learn how LogLogic helps St. Louis-based energy company Ameren get more visibility and control over its IT assets, please view this short video with Cyber Security Managing Supervisor Chris Sawall: http://youtu.be/0JmneuXrSyQ


     




  • Taming the Smart Grid: Log Management to the Rescue

    Companies with existing LogLogic implementations are experimenting with ways to implement log management with this new technology. On the energy distribution side, Smart Meters collect information about energy usage at the residential and commercial level, and some companies are using their existing appliances to monitor and correlate Smart Meter-related events, as well as route the data to other systems for billing and other activities.


    “The big challenge that we’re looking at moving forward is going from a typical enterprise where we’ve got fifteen to twenty thousand various log sources that we have to monitor and analyze, over to the Smart Meter initiative, which has added two and a half million devices and growing,” says an energy company operations manager. “And all of these devices need to be logged and monitored individually.” 


    One regional utility using LogLogic to monitor its Smart Meters is currently monitoring only exception logs – such as ‘meter was read’, ‘meter reset’, ‘power out’, ‘power on’, etc. The message volume is currently quite low, even though the organization is monitoring more than 2.5 million devices. But the volume could increase dramatically depending on developments within the industry. Whereas the utility currently collects data from meters every six hours, if the industry moves to collecting data every five minutes – something that is likely to come from the public utilities commission – with tens of millions of meters, message volume will skyrocket.


    Another application of log management principles includes the setup of a new SEM vendor and a Smart Meter-specific network operation center (NOC) for one organization. Using LogLogic as its message routing infrastructure, the company used the dynamic groups feature to build device pools based on an IP address range in order to route a subset of messages between the SEM vendor and the NOC that wanted to see a separate subset of messages. Previously, this had been a challenge, as the backbone application infrastructure could only send logs to one destination. By using LogLogic as the primary relay rather than the NOC application, and using dynamic groups, the organization was able to split out the messages between the two separate applications.


    LogLogic’s tagging feature is also proving useful to companies implementing Smart Grid projects. As more and more Smart Meters are deployed, reporting requirements have increased. LogLogic is enabling one company to prepare reports on specific sets of meters, and allows them to look for similar incidents from groups of meters and at particular locations. For instance, if ten meters on the same block suddenly start reporting a tamper detection or a meter opened, they want to be able to create an alert. Because the meters come in as IP-less devices, they are not seen as separate devices within LogLogic. But, by using the tagging feature, the company is able to determine the meter ID and report on it.


    Using logs collected by LogLogic, utilities can monitor the security of their Smart Meters or the Smart Grid technology, as well as perform operations and availability monitoring. Data from Smart Meters can be collected by the LogLogic appliance and sent off to multiple sources in order to trigger alerts or provide visibility into issues or problems.


    Though many companies are not currently logging their Smart Grid initiatives, at least one energy company is using LogLogic to monitor and log the data from its Smart Meters. “We have rolled out over two million Smart Meters and are developing a usage analysis application infrastructure to collect and analyze the data from these devices,” says the company’s operations support lead.


    Our next post looks at where Smart Grid technology could very realistically go.
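The tamper alert described in this post (ten meters on the same block reporting a tamper detection or a meter opened) can be sketched as a sliding-window correlation keyed on a meter ID taken from the message body, since the meters have no IP of their own. This is an added example, not LogLogic's tagging feature or code from the original post; the log line layout, field names, block labels and the 15-minute window are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical line layout (constructed for this example): every message arrives
# from the same head-end relay, so the meter is identified only by a field in
# the message body, never by source IP.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<relay>\S+) ami: meter_id=(?P<meter>\S+) '
    r'block=(?P<block>\S+) event="(?P<event>[^"]+)"$'
)
TAMPER_EVENTS = {"tamper detected", "meter opened"}

def parse(line):
    """Return (timestamp, meter_id, block, event), or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["meter"], m["block"], m["event"]

def tamper_alerts(lines, threshold=10, window=timedelta(minutes=15)):
    """Return (block, alert_time, meter_ids) once `threshold` distinct meters on a block trip within `window`."""
    recent = defaultdict(dict)   # block -> {meter_id: last tamper timestamp}
    alerted = set()              # blocks already alerted, to avoid repeats
    alerts = []
    records = sorted(r for r in map(parse, lines) if r)
    for ts, meter, block, event in records:
        if event not in TAMPER_EVENTS:
            continue
        seen = recent[block]
        seen[meter] = ts
        # Drop meters whose last tamper event fell out of the sliding window.
        for mid in [k for k, t in seen.items() if ts - t > window]:
            del seen[mid]
        if len(seen) >= threshold and block not in alerted:
            alerted.add(block)
            alerts.append((block, ts, sorted(seen)))
    return alerts

def sample_lines():
    """Constructed sample: ten ELM-400 meters trip in ten minutes; OAK-100 has one noisy meter."""
    lines = [
        f'2011-10-20T14:{i:02d}:00Z headend01 ami: meter_id=M{i:04d} '
        f'block=ELM-400 event="{"meter opened" if i % 2 else "tamper detected"}"'
        for i in range(10)
    ]
    lines += [
        f'2011-10-20T14:{i:02d}:30Z headend01 ami: meter_id=M9001 '
        'block=OAK-100 event="tamper detected"' for i in range(12)
    ]
    lines.append('2011-10-20T14:03:00Z headend01 ami: meter_id=M9002 '
                 'block=OAK-100 event="power out"')
    lines.append("garbage line that does not parse")
    return lines

if __name__ == "__main__":
    for block, ts, meters in tamper_alerts(sample_lines()):
        print(f"ALERT {block} at {ts:%H:%M:%S}: {len(meters)} meters {meters}")
```

Counting distinct meter IDs rather than raw messages keeps a single chattering meter (M9001 in the sample) from triggering the block-level alert.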




  • Smart Grid: Setting the Stage

    Although many in the tech world have read the recent stories about erstwhile Cleantech darling Solyndra and its near-overnight shuttering, the overall Clean- and Greentech industries are doing well. LogLogic works closely with many brand leaders across industries, including more than 1 in 3 Utilities companies in the Fortune 500, which is the area we’d like to explore in this post.

    We wanted to share a case study that details LogLogic’s work in the Smart Grid space.

    Setting the Stage

    Smart Grid technology has been at the forefront of global news about energy transmission and distribution for some time now. And though people often think of Smart Grid as a single, cohesive initiative, in actuality Smart Grid encompasses a number of loosely related projects and technologies from Smart Meters to overarching Smart Grid initiatives and much more. Though diverse in purpose and features, these technologies give public utilities and energy companies the ability to proactively monitor energy networks in order to respond to peaks in energy usage and avoid crises such as blackouts, as well as more efficiently move electricity around the grid. Because these technologies gather data about energy usage, both on the larger grid and through Smart Meters on consumers, Smart Grid offers opportunities for efficiencies never before possible.

    As Smart Grid technology grows in popularity, adoption and complexity, the need for standards, regulation and government assistance grows as well. The United States announced support for the Smart Grid a few years ago with the passage of the Energy Independence and Security Act of 2007, which among other things, set out $100 million in funding programs to help build Smart Grid capabilities and establish protocol standards. And across the pond in Europe, although only 10% of current households have a Smart Meter, the European Union recently announced a mandated goal of having Smart Meters in 80% of EU homes by 2020.

    “Smart Grid is adding new, enabling technology to existing grid components, allowing us to greatly improve functionality,” says a security manager for a regional utility company. At a basic level, Smart Grid provides intelligent monitoring devices for aspects of the grid that were not previously monitored, particularly in the distribution and user space. It also includes intelligence at distribution sub-stations, and at transformers and devices in between that sub-station and the user’s house. At the consumer level, Smart Meters allow instrumentation and real time reporting of energy usage data at the individual customer end-point.

    Though this technology promises significant improvements in efficiency across the industry, it also poses a number of significant challenges in terms of consumer data privacy concerns, as well as compliance with industry standards and best practices. How can players in the energy industry make the most of these new technologies, while protecting user data and maintaining the security of the national energy grid? 

    Our next post gets into the myriad challenges of managing Smart Grid.

    Categories: Compliance, Innovation




  • The Challenges of Implementing Smart Grid

    As yet, Smart Grid has no single accepted definition, is comprised of many (not always complementary) technologies, is controversial with regard to consumer privacy, and has an overall absence of standardization and regulation. Additionally, utilities and private energy companies are at different stages of adoption.  Because the industry is in such flux, no standards or accepted sets of best practices have been established, forcing organizations to establish these for themselves – both from an operations as well as a security perspective.

    Though many organizations predict logging and log management will be key to establishing security within these Smart Grid environments, variations in technology and a lack of standards are a hindrance. With equipment from many different Smart Grid vendors, each with its own data format, a lack of standardization poses a challenge to utilities wishing to use a log management tool for event alerting and correlation.

    “As we start to get into consumer energy distribution and home area networking, we’re expecting dozens, if not more, of additional vendors,” says a security operations lead. “We know that everyone from Google to Microsoft to a half dozen others will want to jump in on that space.”

    Additionally, regulatory standards have not yet been established for Smart Grid Technology, something that is likely to become critically important in the future as Smart Grid gains momentum.

    Our next post gets into how those managing a Smart Grid are using LogLogic.

    (For the full story, download our Smart Grid white paper. It's the first one in the list.)




  • Nearly 80% of Companies Are Not Properly Protecting Cardholder Data

    This week, Verizon Business released a report showing that 79% of firms are not compliant with the 12 standards of the Payment Card Industry’s Data Security Standard (PCI DSS). Many of these firms have been PCI-compliant in the past, but have failed to continue to meet the required standards. Verizon’s report shows that firms most commonly have trouble maintaining the standards of PCI DSS requirements 3, 10, and 11, which cover standards for protecting cardholder data, tracking and monitoring access to sensitive data, and regularly testing system security and processes.

    The PCI Data Security Standard is a relatively low bar as far as security goes. The fact that companies are having a hard time maintaining compliance with it speaks to the sorry state of data security in the Cloud Age. PCI requirement 10 requires companies to log all the activity in their network (and review, secure, and retain these logs as specified). This is not a hard standard to meet—you simply need to start an appliance, point your logs, and you’re done!

    PCI DSS was enacted six years ago, but it seems many firms are not taking it seriously. This puts the security of their customer cardholder data at risk. In their Data Breach Investigations Report, Verizon found that 89% of companies that suffered a breach were out of compliance with PCI standards. With just 21% of companies staying compliant, the majority of cardholders are at risk of falling victim to a breach. This is our personal information and it is essential for companies to respect their customers and implement decent security.

    To learn more about PCI DSS requirements and the solutions available, click here.

    Categories: PCI, Security




  • The Kindle Fire and Network Security: Great Tips From A Smart Guy

    Yesterday was a big day for me. I am a huge Amazon Kindle fan. I wore my first one out, and I have a close personal relationship with my Kindle 3. So, when I heard Amazon was going to announce new Kindles, I got that tingle of excitement running up my spine. (OK, I don’t get out much.)

    As I started reading the reviews of the Kindle Fire, the new full-media color model, I saw a great article at InformationWeek from a name I recognized. Michael Davis, the CEO of one of our best resellers, Savid Technologies, was talking about the security implications of this announcement, and he made me realize the challenge this posed to IT Security in the enterprise.

    On Nov. 16 (the day after the first preorders land on doorsteps nationwide) you will have people walking into the office with their new Kindle Fires and hopping onto the company Wi-Fi to show off the sleek-looking tablet to envious peers. And to be fair to the Fire, this problem is applicable to any new consumer device, be it a smartphone, tablet or netbook.

    So how do you secure these zero-day devices, and/or prevent them from accessing the network…?

    Davis makes a point that I have also heard from my friend John Kindervag at Forrester (another smart guy), who coined the term “Zero Trust Architecture”:

    Finally, and in my opinion, most important, get your priorities straight. Just let them on and realize that your network is public, but your systems are private. In other words, don't try to prevent the connection to the network, prevent access to the resource, such as the file server or email.

    John’s paper on Zero Trust Architecture can be found here, though you will need a login. By the way, Davis also wrote a great book on computer security called Hacking Exposed: Malware & Rootkits. It’s a good read.

    The fact of the matter is that these emerging devices will show up on your network, and you’d better be ready for it.

    What better way to do this than to log all devices and activity on your network?




  • Meet us at VMworld…We’d like to introduce you to EVA

    For those of you able to escape the clutches of Hurricane Irene and make it to Las Vegas, you’ll see that today at VMworld we’re introducing EVA.


    EVA is a new virtual appliance for enterprises which enables data warehousing and forensic analysis tools for IT data, at any scale. In direct response to customer requests, the new software-based product easily supports logging and analysis of up to 16,000 end devices in cloud, virtual, physical and hybrid environments. It’s an impressive product we know you’ll find useful.


    Why the virtual appliance option for our customers?  Physical appliances can have their limits when it comes to managing IT data volume. By leveraging the power of VMware and the flexibility of the EVA model, enterprises improve their data throughput, increase their processing power and see greater storage capacity. With flexibility in mind, we developed EVA so the solution can expand to collect IT data from new virtual or physical sources in your enterprise.


    EVA is powered by the latest LogLogic 5.2 IT data management engine, which protects personally identifiable information, meets the latest data retention regulation and now adds compatibility with NetFlow.


    If you’d like to try the Enterprise Virtual Appliance (EVA), it’s available for download (for a trial period of 60 days) here: http://www.loglogic.com/virtual-appliance


    And last but not least, if you are able to make it to VMworld, we’d love to meet with you in person. Please drop by and chat!


    Here’s where you can find us at the event:


    The Venetian
    Level Two
    Sands Hall B and C (Solutions Exchange)
    Booth # 1354 


    Hope to see you at the show!


     Bill Roth, CMO, LogLogic




  • Say “Auf Wiedersehen!” to Data Privacy Concerns

    The buzz around “big data” raises concerns about the privacy of the massive amounts of data collected. One of our customers, a telecom company in the U.S., uses our software to collect more than 60 billion messages per day from over 40 different devices. Where does this data go? How do companies ensure that personal information contained in these messages does not fall into the wrong hands? In Europe, these questions are of heightened importance. Germany and Switzerland (and soon the rest of the E.U.) legally require organizations to have strict data privacy modes on IT data they collect. The law places high value on protecting end user information that might be contained in IT data. For example, if an organization collects IT data that includes personally identifiable numbers like SSNs, those numbers would need to be blocked from users who are not authorized to access that particular information.



