See Our ‘see’ is simply the biggest, fastest, most scalable and complete IT data warehouse available today. We have one customer that currently gives us 53 BILLION logs per day. Twitter (not a customer), we estimate, produces 127,000 log messages per second. Our biggest box peaks at 250,000. This level of scalability means that if you’re considering building a large datacenter, we’re the only people you should talk to.

To quote BusinessWire, we’ve just announced another world first. At VM World today we announced our support for VMware vCloud Director in LogLogic 5. Want to see it in action? Press play below…

Get Let’s look at ‘get, see, use’ in a little more detail. Our “get” is actually technology called the Universal Collection Framework. This framework provides universal IT data collection capable of collecting, without agents, from just about anywhere. Where we do need agents for those hard to reach places, like HP Integrity NonStop (tandem) machines, or exotic devices, we have them. We also provide specialized technology for capturing database activity without the need for you to turn on costly auditing. All of this technology is vertically scalable to suit data centers of any size. It is also the world’s only WAN-aware store-and-forward technology capable of adapting to time-zones, being scheduled, compensating for unstable pipes, and protecting your data from unauthorized viewers.

The Flexibility Wheel This ‘get, see, use’ is what we refer to as ‘360 Insight.’ Put simply, it means that we don’t care where your data is, or what format it’s in; we can get it and give you 360 degrees of sight into all your IT data. We don’t care why you’re capturing all that data. Whether it’s compliance, security, or IT-ops, we give you 360 degrees of sight into all your business drivers. We don’t care who you are. Whether you’re looking for insight because you’re HR, an auditor/assessor, a partner, or that guy in IT - we give you insight. ‘We don’t care’ is harsh. ‘We’re neutral’ lacks the passion behind our focus. What I’m trying to say is that we’re doing all the hard work to understand all of your data, for whatever driver motivates you, while respecting your role within your organization.

There’s an analyst firm you may not have heard of called Securosis. Every member of the firm is a rock-star from one of the major players that got fed up constantly having to guard their words and toe a corporate line. These guys speak it like they see it, and it often isn’t pretty. I butted heads with them my first day at LogLogic and lost. I like them for that. Anyway, they’ve just written a “what the heck is SIEM” paper. Whilst I disagree with their definition of what SIM and SEM are (my definition is here), the paper is well worth your time. It’s long – 40 pages, but there’s something new for everyone in there. I highly recommend you make the time (even if it is sponsored by a competitor).

The difference is clear Our approach is different. Firstly, there’s no spaghetti! Ours is a simple world where all data, regardless of source or type, is centralized, augmented, enriched, parsed and understood, then smartly passed onto the appropriate visualization tools. We aim to create a virtual information pool that enables you to see 360 degrees of your operation; to provide you insight into the workings of your infrastructure. Over on the left we have what we’re calling ‘Get.’ This is our Universal Collection Framework technology – our unique ability to capture audit trail information from almost any device, in almost any format and then securely and wisely move it to a central store, regardless of LAN or WAN complications.

Hmmm, products of the week? Us? Again? Wow, people love the 5 thank you

Adding Complexity And that brings us to what I’ll call 1st generation solutions to your problem. On the left of the slide you’ll see what I call “data assets.” These are your routers, firewalls, switches, servers, operating systems, databases, commercial and homegrown applications and pretty much anything with a plug. It’s a fact of life that almost all of the technology we use creates an audit trail. Some of those trails are called logs, others flow, sometimes they’re just file dumps. The point is, everything we do within the connected world leaves a trail.

The Standard Answer The good news for you is that, as an industry, we’ve recognized your needs and even given them a name – S.I.E.M. or Security Information and Event Management. S.I.E.M. is made up of two separate technologies - the first and most important is S.I.M., Security Information Management. This is the foundational work of collecting all tracking data - be it Logs, Flow, Assets, Users or Files - consolidating it, and then turning it into useful data. It is the S.I.M. technology that allows for the forensic searching and reporting we just discussed. It is this that you use for good IT management or compliance. We can even use it for simple alerting, such as someone failing to authenticate against a database.

By Bill Roth, CMO In a recent article, our competitor LogRhythm commented on our technology plans which indicated either they don’t understand what we’re doing, or that they think what we’re trying to do will threaten the status quo - and their business. LogRhythm’s VP of Marketing said the following: “The idea of a standardized protocol for transporting and storing log data sounds good in theory, but it’s unrealistic given the hundreds of different types of log sources and vendors. A standard like this does more to benefit the vendor than it does the end customer, from both a technological and marketing standpoint," he added. "Standardization would make it easier for the log management or SIEM vendor, but the positive impact on the end customer is hard to see given the widespread collection and transportation capabilities that exist today."

The need. Driving this desire for greater visibility, control and security is usually one of three things (there are of course other drivers, but these are the big three): compliance, security and the need to operate an efficient IT infrastructure. Regardless of whether you’ve just failed an audit, or you’ve got one looming on the near horizon…or whether your firewall has just been kicked in, or you’re being paranoid because a “like” company has just been breached…or a critical system recently failed and it took you too long to recover - we always get asked for the same 3 things: alerting, searching and reporting.

I’m about to post the full LogLogic story, a short book in 12 chapters. Hopefully it will tell you who we are, what we’re trying to do, and why we’re so very proud of LogLogic 5. The Problem The problems we’re trying to address are simple to define but harder to resolve, namely the lack of control, visibility and security in today’s IT shops.