Abstract
Experts agree that audit log management is a critical element of any organization’s risk management strategy. Audit log data (or just log data) can provide a complete record of access, activity, and configuration changes for applications, servers, and network devices. It can be used to alert management and administrators to unusual or suspicious network and system behavior. Additionally, log data can provide auditors with the information required to validate security policy enforcement and proper segregation of duties. Lastly, IT staff can mine log data during root-cause analysis following a security incident; this is particularly important for recovery and damage cleanup as well as for remediation activities. Considering all of these potential uses, audit log management not only assists in achieving corporate compliance, but also reduces the risk of legal exposure from security breaches and of costly network downtime. This whitepaper discusses log management from a storage security perspective and provides specific information as it relates to storage resources and networks.