VeriSign last week announced an expansion of its log-management service beyond firewalls, operating systems and intrusion-detection systems to collecting log data related to applications and databases.
VeriSign's service is based on its Security Defense Appliance, which is placed inside a corporate network to collect, analyze and store logs. VeriSign says it's expanding the log-management service to collect raw data or just the security-related events pertaining to applications and databases of corporate customers.
According to Gartner, several managed security service providers, including Lurhq, Internet Security Systems and Counterpane, also offer log analysis services.
"Centralized logging and monitoring of application-level events is being driven by regulatory compliance, highly publicized data theft incidents and targeted application-level attacks," says Kelly Kavanagh, Gartner analyst in information security and privacy.
Amrit Williams, a Gartner consultant who specializes in data-analysis tools, notes the choice between a corporation developing its own log-aggregation process or outsourcing to a service provider is often made in favor of a service provider because there are lower upfront costs.
VeriSign says its log-management services are used by 800 corporations to manage about 10,000 devices.
"We're adding applications and databases from a wide range of vendors, including Oracle, PeopleSoft, SAP and IBM, as well as custom applications," says Scott Magrath, director of product marketing in VeriSign's managed security services group. The company has entered a partnership to use technology from LogLogic to pull data from a broad range of systems.
According to Magrath, the raw data can be stored on a database on the customer premises or externally, including within VeriSign's data centers. "They can see reports related to this data via our customer Web portal," he says. Alternately, data about applications and databases related just to security -- such as an excessive number of failed log-on attempts -- also can be stored by VeriSign.
"Anything we identify as a security event, we send that back to the security operation center and an employee notifies the customer," Magrath says. Corporations want to make a wide collection of log data to satisfy auditors, and "the biggest push for collecting of log data is to be in compliance with regulations of many kinds," he says.
The baseline price for VeriSign's log-management service ranges from six to seven figures annually, based on a monthly fee per device.