It feels like the whole issue of making it easier to correlate log information with system and security events is finally getting some long overdue attention.
For example, ArcSight this week announced a new version of Log Manager that makes it easier to search information, while Splunk delivered a free tool for searching logs that is becoming increasingly popular.
But while there are a number of well-established players in the security information and event management (SIEM) market, the need to find more efficient ways to track system events is also attracting startup companies to what was once considered one of the more mundane areas of IT.
One relative newcomer is SenSage, which provides a database that can track events in real time underneath its SIEM offering.
According to SenSage CEO Joe Gottlieb, the SenSage database runs in memory to make it easier to correlate events in real time. IT administrators are made aware of events as they happen, based on updates to the database and the alerts that are then automatically generated. In effect, instead of the IT administrator having to search the logs, relevant system event information can now find them and automatically trigger compliance and risk management policies.
There is a much greater appreciation for log management in particular and SIEM in general. IT organizations will need to determine how much of that information they need, and when. For some, the answer to that last question is “yesterday.”