Balabit Named as a Representative Vendor in Gartner Report on Central Log Management for Security Event Monitoring Use Cases
February 2017 by Marc Jacob
Balabit, a provider of Contextual Security Intelligence (CSI) technologies, announced that it has been identified as a representative vendor in a Gartner report entitled ‘Use Central Log Management for Security Event Monitoring Use Cases’. The report focuses on the role of Central Log Management (CLM) in improving threat monitoring and detection, and recognizes the challenges of fragmented or incomplete log management environments. It also looks at the factors that can hamper Security Information and Event Management (SIEM) deployments, such as training and licensing models, and examines use cases where CLM can help organizations to maximize the return on their SIEM tool investments.
Regarding the current log management challenges organizations face, Gartner’s report states: “…At the other end of the spectrum, enterprises that have started their SIEM journey usually end up in one of two places: underinvested in their initial implementation and having to find budget to increase capacity to meet their use cases, or overlicensed and being stuck paying higher maintenance costs to the SIEM vendor for years for that unused capacity.”
The report includes recommendations from Gartner that security and risk management leaders responsible for security monitoring and operations should pay attention to:
Use a CLM tool to address security monitoring and compliance use cases where there are insufficient resources or budget for a SIEM or for managed security services.
For midsize organizations, look to use existing IT and network operations log management tools to collect and manage security event logs.
Consider a multitier approach using a CLM tool when planning a SIEM deployment to avoid overutilization, and overlicensing, from the start.
Use a CLM tool to better manage your existing SIEM tool investment if your organization has an existing SIEM solution that cannot scale its collection and analysis capabilities due to budget constraints.
Balabit’s syslog-ng collects, processes, and transfers logs from a wide variety of sources and securely stores the data or forwards it to analytic tools such as SIEM. More than a million users worldwide trust syslog-ng to deliver log data from across their IT environments. Whether it’s deployed as software or as a turnkey appliance, syslog-ng supports the use cases most frequently mentioned by clients to Gartner: improving foundational security capabilities in the absence of other means and augmenting new or existing SIEM deployments or service engagements.