As a Brit working for an American company based in the heart of Silicon Valley, I occasionally get accused of forgetting the wet, cold island I hail from. Our UK marketing team just reminded me how overlooked and hardworking the peoples of Europe are. Here’s some of the joy our European team have spread about their love of logging recently. Europe Rocks!

Another hack attack hits the headlines http://tinyurl.com/yebvj8p Big deal. This stuff happens every day now right?  Wrong. Not on this scale it doesn’t. The Kneber Bot has penetrated 75,000 systems, 2,500 companies across in 196 countries.  This is not a straightforward Trojan - a simple smash and grab. This one’s a game changer.  Systems compromised by this botnet provide the attackers with not only user credentials and confidential information, but remote access inside the compromised network.  Just some of the data stolen includes:

As previously mentioned, LogLogic enjoyed huge success at RSA last week, and really enjoyed introducing our customers to our Nerd Herd over beers. As the Chief Marketing guy at LogLogic,  its interesting to me the casual way in which vendors treat their brand image. I had a chance to walk the floor and assess their self-inflicted damage.” In some ways, tradeshows like this have not changed. I have been apart of the JavaOne show since the beginning back in 1997. The RSA crowd is a bit different…namely more suits and better hygiene.  You can always tell how the economy was doing by what kind of giveaways are on the show floor. Here are my best and worst for 2010.

By Guy Churchward, CEO

The Register wrote a great little Cloud article last month on why the Cloud is nothing more than good IT practices re-badged. Up to a point, I agree with them, but there are inherent benefits to be realized that I’d like to discuss.

I remain concerned that the biggest threat to the Cloud isn’t actually security – without clear standards adherence and accountability, it’s traction and acceptance. Repeatedly the conversations I’m having in the enterprise space lead to ‘our architecture is sort of a private cloud…we do use the public cloud but only with assets or apps that are non critical.’

We’ve been at RSA San Francisco all week talking to customers, prospects, competitors and the great unwashed. Now as we gracefully slide into the weekend to recover, as I look around the office, all I see are smiling but tired faces.

During the long dark winter months it’s often easy to lose your gleam, to start to question your place in the world. This season has been no exception. I’ve heard sales people grumble about missing features, or an occasional bug, the lack of marketing support, or just the plain fact that a prospect got a 90% discount from a competitor eager to win a deal.

By Gorka Sadowski LogLogic Security Architect Anti-spyware Spyware will pollute your system silently. It will watch your every move, looking for passwords, bank account information, credit card numbers and any other information of value. How does it do that? How does it hide so well? It will often operate by replacing legitimate executable files. It will highjack critical system files and drop its payload into them. Your system now seems to run as usual – the list of running processes doesn’t yield any anomalies, and performance doesn’t seem affected. But the spyware is running. So how do logs help here? They help from the get-go. As soon as the spyware initially infects your system, it will access critical system directories and either drop in new executables, or modify system-privileged executables. These are events that can be configured to generate logs.

IDS/IPS IDS/IPS are a phenomenal tool in your defensive security toolbox…provided that they are properly configured and closely managed. All IDS/IPS need to be regularly updated – much like an AV. And again, you need to verify that your systems are properly keeping things up to date. Use your Log Management and Intelligence solution for that. Let’s also look at one of the most common criticisms of an IDS. An IDS’ job is to alert on certain events, and this sometimes leads to very chatty systems; what some people call “false positives”. False positives are not an IDS’ fault – the IDS is just alerting on events that we asked it to alert us on.

By Gorka Sadowski LogLogic Security Architect Firewalls/VPN Let’s talk about a scenario that happens in many corporations, including ones where strong Change Management procedures are in place. A new application gets deployed internally, for which the firewall rule set needs to be changed. And for testing purposes, additional ports need to be open. Testing takes place but now fine-tuning requires additional time. And the operations group gets busy and these ports are left open, deeply buried in the firewall rule set (it is not uncommon for rule sets to have hundreds of policies). And by the way, there was a typo in the port number for one of the rules and now ftp flows freely inside, in clear violation of the security policy prohibiting inbound ftp traffic in your trusted zone. How do you verify that your firewall is correctly implementing your security policy? Logs will tell you that.

By Gorka Sadowski LogLogic Security Architect We’ve all come to rely on a standard set of defensive solutions to address information and network protection, but these standards have given us a false sense of security. We think it’s high time that everyone understood why employing a Log Management and Intelligence solution is not only “nice to have” but actually critical to complement these standard protection methods. In the next few days I’ll be posting a blog mini-series exploring the standard measures we’ve gotten comfortable with and I’ll explain why logs could be your most effective secret weapon. Let’s first look at the most common defensive security solutions that have been popular these past few years. This is not an exhaustive list of all existing technologies, but rather a high-level view of some of the prevalent ones.

Is it rude just to cut & paste from someone’s press release? I thought not. Read this from TheInfoPro:

Everyone is talking about the cloud these days, and we at LogLogic are no exception. With promises of cost savings and a reduced carbon footprint, more and more organizations will be moving to the cloud in 2010 and beyond. Even the stodgy U.S. Census Bureau has begun using cloud computing.

By Dimitri McKay LogLogic Security Architect

Back in December, as you know because you’re an avid watcher of the log management space, we released our 4.9 software. At the time we claimed “40 new features,” “Double the performance” and other headline grabbing claims – all of which of course were true!

What we didn’t tell you was that several of those features were Easter Eggs waiting in silence for something magnificent to happen.

It just did.

Today we announced an extension to our Log Management family of appliances. We’ve added 5 new machines that, in conjunction with the “eggs,” go like lightning. The top of the range appliance, the ST4020 has been clocked in the labs as consuming over 250,000 logs PER SECOND! That’s not just an improvement on the old, it’s a whole new class of beast.

We’ve tripled the amount of connectivity, quadrupled the amount of storage, quadrupled the raw processing power, tripled the memory, and managed to lower the TCO from dollars to cents in many of the metrics.

By Lex van den Berghe LogLogic Customer Evangelist Oldest trick in the book. Put up a sign that says “Free Beer” and it’s guaranteed you’ll catch the attention of the masses. Well, we’re giving something away that’s even better than free beer…how about free money? One thousand dollars to be precise. Every LogLogic customer has a great story to tell and we want to hear yours…and your story could win you a cool grand! Send us your detailed story about how LogLogic helped you overcome a difficult challenge in your IT environment, identify a serious breach, achieve critical regulatory compliance, or save your organization time and money. You all rely on LogLogic every day to keep your companies secure and compliant, and we want to hear about your real-world experiences in the trenches and on the front-lines of your IT environments.