|
Log management solutions excel in collecting events in real time, in parsing and normalizing information and analyzing the collected information for producing alerts in real time, as well as other functionalities like event correlation. However, this does not relate to provide integrity protection in any way. The best-case scenario for a log management solution is to apply any of the previously mentioned technologies (signing, time stamping, writing in a WORM device, etc), but after files themselves are processed and after a specific period of time. In addition, parsing and normalizing data means files are modified from the moment of their creation. Even though it has some log management functionalities, the Secure Audit Vault is not a log management solution in itself: its main objective is to preserve data and provide guarantee of its integrity, not to obtain real-time intelligence from the collected data. It works with files in their raw format, meaning that data remains unaltered from the moment it is generated. In addition to provide this data integrity protection, it centralizes and provides search capabilities, but unlike SIEM solutions, once data is secured and preserved inside the tamper-evident vault, data cannot be altered without a clear proof if this manipulation and where this tampering occurred.
|
