April 13, 2007
Regular expressions allow for rapid, low-cost knowledge build-up that grows with the enterprise for long-term compliance and security management
Columbia, MD – Prism Microsystems today announced the launch of a knowledge pack (KP) for managing events generated by over 200 Linux and Unix daemons and applications. The KP is designed to integrate quickly with EventTracker, the company’s enterprise-grade event management solution. The Linux KP adds to EventTracker’s arsenal of embedded intelligence, which supports a wide variety of event formats from systems, devices and applications, enabling continuous compliance, proactive security management and network monitoring.
The Linux KP contains predefined interpretation rules, based on regular expressions, that filter out routine log entries and categorize irregular or suspicious entries from Unix/Linux daemons in order to detect patterns that might indicate an impending attack, security violation or ongoing threat. Personnel can be alerted in near real time for quick resolution and management of issues. Over 200 utilities and applications are supported, including Apache, smtpd and Samba.
Event logs contain a wealth of information and are critical not only for maintaining audit trails and generating reports for compliance mandates but also for security and network management. However, most IT networks consist of a wide variety of applications, devices and servers, each of which has its own different and often obscure event format. “Although some log management solutions address this concern by translating event formats from different sources into a normalized, proprietary format, the time factor and cost of adding knowledge for new IT initiatives are quite high, requiring expertise not only of the new initiative but often programming knowledge of the underlying log management solution,” says Steve Lafferty, Vice President, Marketing, Prism Microsystems, Inc.
EventTracker addresses this issue with regular-expression-based KPs that allow for powerful processing and correlation of events generated by various sources. These packs can be created and upgraded by leveraging the existing body of event knowledge, without requiring proficiency with EventTracker itself, resulting in rapid, low-cost and continuous build-up of event knowledge that grows with the IT needs of an enterprise. The Linux knowledge pack, for example, drew on open source community initiatives, including OSSEC and Debian, to quickly build application-level Linux and Unix logging support.
“Not only can we quickly support new devices but customers and other third parties can also create their own knowledge packs for custom applications and new IT additions,” adds Lafferty.
Regular-expression-based parsing also provides a more holistic and comprehensive view of event data than the normalization technique. Regular expression queries search for strings across different log formats and return dynamic result sets that show the user specific patterns and activities, while retaining the data in its raw format as compliance mandates require.
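To make the rule-based approach described above concrete, here is an added example, written for this page and not EventTracker's own rule syntax or code. A small rule table maps regular expressions (with named capture groups) to event categories; routine entries are tagged as noise and dropped, suspicious entries are kept with their extracted fields and the untouched raw line, unmatched lines are surfaced as "unknown" rather than silently discarded, and a simple correlation step raises an alert on repeated authentication failures from one source. The rule names, categories, threshold and the sshd, sudo and Apache log lines are all constructed for the example.

```python
import re
from collections import Counter

# Hypothetical rule table in the spirit of a regex-based knowledge pack
# (not EventTracker's actual rules). Order matters: the first matching
# rule wins. Category "noise" marks routine entries to suppress.
RULES = [
    ("sshd_session_open", "noise",
     r"sshd\[\d+\]: pam_unix\(sshd:session\): session opened for user (?P<user>\S+)"),
    ("sshd_session_close", "noise",
     r"sshd\[\d+\]: pam_unix\(sshd:session\): session closed for user (?P<user>\S+)"),
    ("sshd_failed_password", "auth_failure",
     r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"),
    ("sudo_not_in_sudoers", "privilege_abuse",
     r"sudo:\s+(?P<user>\S+) : user NOT in sudoers ;.*?COMMAND=(?P<cmd>.*)$"),
    # Directory traversal in the request path, checked before the generic
    # "successful request" rule so it is never swallowed as noise.
    ("apache_traversal", "web_attack",
     r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S*(?:\.\./|%2[eE]%2[eE])\S*) [^"]*" (?P<status>\d{3})'),
    ("apache_ok", "noise",
     r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ \S+ [^"]*" 2\d\d '),
]
COMPILED = [(name, cat, re.compile(pat)) for name, cat, pat in RULES]

# Constructed sample input: syslog-style sshd/sudo lines and Apache
# combined-format lines mixed together, as a collector would see them.
SAMPLE_LOG = """\
Apr 13 10:01:12 web1 sshd[2210]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Apr 13 10:01:40 web1 sshd[2215]: Failed password for invalid user admin from 203.0.113.9 port 51211 ssh2
Apr 13 10:01:42 web1 sshd[2215]: Failed password for invalid user oracle from 203.0.113.9 port 51212 ssh2
Apr 13 10:01:45 web1 sshd[2216]: Failed password for root from 203.0.113.9 port 51213 ssh2
Apr 13 10:02:03 web1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
198.51.100.7 - - [13/Apr/2007:10:02:10 -0400] "GET /index.html HTTP/1.1" 200 1043
198.51.100.7 - - [13/Apr/2007:10:02:11 -0400] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 404 287
Apr 13 10:02:30 web1 sshd[2210]: pam_unix(sshd:session): session closed for user alice
Apr 13 10:02:35 web1 cron[2301]: (root) CMD (run-parts /etc/cron.hourly)
"""


def classify(line):
    """Apply the rules in order; return category, extracted fields and the raw line."""
    for name, cat, rx in COMPILED:
        m = rx.search(line)
        if m:
            return {"rule": name, "category": cat, "fields": m.groupdict(), "raw": line}
    # No rule matched: keep it visible so new daemons/formats get noticed.
    return {"rule": None, "category": "unknown", "fields": {}, "raw": line}


def process(lines, fail_threshold=3):
    """Classify every line, drop noise, and alert on repeated SSH auth failures
    from a single source address (a minimal cross-event correlation)."""
    events = [classify(line) for line in lines]
    kept = [e for e in events if e["category"] != "noise"]
    failures = Counter(e["fields"]["src"] for e in kept if e["category"] == "auth_failure")
    alerts = [f"{n} failed SSH logins from {src}"
              for src, n in failures.items() if n >= fail_threshold]
    return kept, alerts


if __name__ == "__main__":
    kept, alerts = process(SAMPLE_LOG.splitlines())
    for e in kept:
        print(f"{e['category']:16} {e['rule'] or '-':22} {e['fields']}")
    for a in alerts:
        print("ALERT:", a)
```

Two design points matter in practice. First, rule order is part of the logic: the traversal rule must precede the generic "2xx request is noise" rule, or an attack that happened to return 200 would be filtered. Second, because matching is done against the raw text, a change in a daemon's message wording breaks the rule silently; keeping unmatched lines as "unknown" and reviewing that bucket periodically is the cheap check that catches such drift.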
KPs are currently available for platforms (Windows, Solaris, Cisco, Linux, etc.), applications (Oracle, IIS, Citrix, SQL Server, etc.) and regulatory standards (SOX, PCI-DSS, HIPAA, FISMA, etc.). In 2007, Prism Microsystems will significantly broaden these packs to extend event support to additional popular applications.
About Prism Microsystems
Prism Microsystems, Inc. was formed in 1999. It is headquartered in the Baltimore-Washington high tech corridor, with its primary research and development facility in Bangalore, India. Privately funded and profitable since 2002, the company delivers business-critical solutions that consolidate and correlate event data and detect changes that could impact the performance, availability and security of a company’s IT infrastructure.
EventTracker, Prism’s enterprise event management solution, is designed to enhance the security of critical systems, maintain confident compliance, and improve overall performance and availability. EventTracker is engineered for ease of use and flexibility and has over 600 customers in 50 countries across multiple sectors.