Log management tool saves big on network fixes, integrates with IPS

By Linda Tucci, Senior News Writer
03 Feb 2009 | SearchCIO-Midmarket.com


Talented managers can spot potential in the ranks and groom employees to do more than the job title implies. That's what Brad Blake, IT director at Boston Medical Center (BMC), does with security tools -- specifically, he has grown a log management tool, purchased to manage misbehaving ports, into the eyes and ears of his network.

Boston Medical Center
Size: 29 buildings, including 626-bed hospital and Level 1 trauma center.
IT executive: Brad Blake
Role: Oversees IT infrastructure and 70 of the hospital's 140 IT staff members.
Computers: About 5,000
Project: Integrated log management device from ArcSight with McAfee IPS

He achieved this feat by pairing the log management tool -- which cost about $150,000 but saves the company $100,000 per year -- with the hospital's intrusion prevention system (IPS). Both vendors, ArcSight Inc. and McAfee Inc., helped.

"My security engineers can see an event in the McAfee IPS, right-click on it and execute an ArcSight command to shut the port off at that infected device," he said.

It was four years ago that Blake sought a solution to network problems spanning the 29-building Boston Medical Center. Over the years, networks and clients were upgraded from 10 MB to 100 MB, but if a client machine and the network were not set correctly for 100 MB, the system "autonegotiated" to the lower end of the setting, requiring a senior engineer to locate and reset the switch. An expensive fix.

"We were constantly struggling with managing ports that connect to networks, specifically the speed they were set up for," Blake said. "We started to look in the marketplace for something that was simple and easy to use for our help desk folks, so that when a call came in they could at least take a look at the two big issues we were dealing with at this time -- the speed and the duplex settings on the network cards."

BMC found a log management tool from security information and event management vendor ArcSight. The ArcSight Logger could be configured to let senior and midlevel help desk staff members function as first responders for port speed issues.

"From a pure cost savings it was obviously a big win for us. Over the course of a year, I probably burnt an entire full-time network engineer," or more than $100,000, Blake said.

Log management + IPS = intelligent security

As later versions of the ArcSight Logger software were launched, Blake's team configured Logger "to walk" its entire network and map -- in Microsoft Visio diagrams -- the locations of all its equipment. Then the team configured Logger to gather the log files from the far-flung systems that IT owned and pull them into a central location.

"That gave us the ability to do searches and run reports on the information we were looking for," Blake said.

The solution, which cost approximately $150,000, gave BMC what Blake (and ArcSight) like to call "forensics on the fly." Instead of waiting for the distress call, the Logger helps anticipate problems on the network. For example, last year the ArcSight Logger resolved a spanning tree loop problem in a matter of minutes. Usually such glitches require a three-day fix.

Charles Kolodgy, research director, secure products at Framingham, Mass.-based IDC, said that in these days of diminishing IT budgets and rising security threats, taking an entrepreneurial approach to one's security architecture is becoming a necessity.

"Security ranges between 5% and 10% of your total IT budget," he said. A small company might have only a $5 million IT budget. "They'll be lucky if they spend $500,000 [on security], and the security covers a lot of product areas -- desktop security, your IPS, firewalls and antispam. There are 40 or 50 technologies you can get."

As for log management, consolidating logs in a central location for management purposes is one thing, but you also need the context of those transactions, Kolodgy said.

"The logs can be massively large. You need to be able to find correlations between them and be able to use that information in ways that can either vastly improve your security, such as helping you tune your intrusion prevention system, or possibly even tying it into your identity system," Kolodgy said.

Enterprising IT executive marries ArcSight and McAfee

That is essentially what Blake did. The Logger appliance didn't provide an easy-to-look-at view of what was going on. BMC is a McAfee shop. An admirer of the color-coded screen of his IPS system, Blake approached McAfee and ArcSight and spearheaded an integration of the two products.

"What I am trying to do is get us into a more proactive mode around our security, because it has become such a hot topic," Blake said.
