Common industry compliance standards, such as PCI DSS and ISO/IEC 27001, often mandate specific requirements for the logging, storage and auditing of certain activities that take place within an organisation's IT infrastructure and network environment. Examples include the following:
- Logging of the creation, modification and deletion of root or administrative accounts and privileges, together with all use of identification and authentication mechanisms (successful and failed logons, password changes and similar events).
- Monitoring of the privileges held by administrators and operators, and of the activities those users perform with them.
- Identification and review of exceptions and anomalies, which presupposes that logs are actually reviewed on a regular basis rather than merely collected.
- Mandated log retention periods for certain categories of activity. PCI DSS, for example, requires audit trail history to be retained for at least one year, with a minimum of three months immediately available for analysis.
Using a SIEM platform as a centralised log aggregation and management tool simplifies both meeting these requirements and demonstrating adherence to them, since the evidence an auditor asks for (who had administrative access, when it changed, what was reviewed and when) is held in one searchable place rather than scattered across individual hosts. The benefit only materialises if the relevant log sources are actually onboarded, the retention tiers are configured to match the mandated periods, and the stored logs are protected against tampering, since a log that an attacker or an administrator can quietly alter is of little value as audit evidence. Coupled with the wider security benefits of a SIEM, this lets organisations reduce their total cost of ownership for security visibility and mandatory compliance requirements.