Is log management finally on the radar of IT decision makers?
Log management combined with SIEM has been in the market for the last 3 to 4 years. But it was not as important as it is becoming today. We are seeing a lot of traction in the log management space now because of compliance and governance. Thanks to compliance requirements, IT people are finally getting budgets for something they have been willing to do for years. Getting log management in place means getting an automated system for managing your IT operations and protecting your assets. We are seeing a huge demand from customers in the banking and finance and telecom sectors, which need to store terabytes of logs, accounting for 30% of the total data storage. We are in talks with an operator in this region, which has equipment generating 50 terabytes of logs every day. They have to make sure that they collect these logs and store them in their original format without altering them. So the complexity for us is to get the software that collects and indexes all these logs. So when a customer wants to search through one year of historical logs, they can't afford to wait for months. This is why we have come out with a new set of appliances, based on quad processors, to dramatically improve the speed. These new products can handle up to 13000 logs per second. We have also come out with SAN connectors for these appliances, as most of our customers need to be able to store their logs in a SAN environment.
Is compliance a major driver in this region?
Yes, more and more businesses are going global, and you can see best practices such as ITIL and COBIT are becoming more and more common here. The local banks here are trying to prove that they are as good as any global bank, and they understand the importance of compliance and governance. In fact, Middle Eastern companies are more compliant than the ones I have seen in other countries. Log management offers you the opportunity for IT operational excellence. Logs are the fingerprint of your systems and it is all about enhancing your IT management.
Do you see the lines between log management and Security Information and Event Management (SIEM) blurring?
It is still well segmented. What you see is companies starting SIEM and doing correlation without a log data warehouse. When you talk about correlation, it’s measuring two identical events, which is hard to do if you don’t aggregate all your logs in one place. Log management is the foundation for SIEM.