Common industry compliance standards, such as PCI and ISO27001, often mandate specific requirements for the logging, storage and auditing of certain activities that take place within an organisation's IT infrastructure and network environment. Examples include the following:
- Logging of changes, additions and deletions to root or administrative access, as well as to identification and authentication mechanisms.
- Monitoring of the privileges held by administrators and operators, along with the activities of such users.
- Identification and review of exceptions and anomalies.
- Mandated log retention periods for certain categories of activity, e.g. 1 year or more, with immediate access to the last 3 months.
Whilst some of the mandatory logging requirements of certain compliance standards may be achievable with existing IT infrastructure, such solutions often require several component technologies and are consequently decentralised and difficult to manage.
Using a SIEM platform as a centralised log aggregation and management tool simplifies both meeting such requirements and demonstrating adherence to them. Coupled with the overarching security benefits of a SIEM, organisations can reduce their total cost of ownership (TCO) for both security visibility and mandatory compliance requirements.