LogLogic Open Log Management LX and ST for Enterprise

Driven by compliance, security, and limited personnel and budget, CIOs and IT departments are turning to the LogLogic Open Log Management solution as a best practice and integral part of their IT strategy. Today's log management challenge is simple but clear: collect, secure, store and extract actionable intelligence from log and audit data in real time. More than 1,000 global customers, including many of the Fortune 500, have turned to LogLogic to underpin their compliance, security, and information asset protection initiatives.

The LX and ST families of appliances work in conjunction to deliver the distributed, scalable, enterprise-grade LogLogic Open Log Management platform for organizations including larger enterprises, government, and telecommunications customers.

[Figure: Open Log Management, Security Change Manager, Log Analysis Manager]

LogLogic LX Enterprise-Class Log Data Capture and Processing

[Figure: Regional Branch, Overseas Branch, Main Data Center, Encryption Appliance, Encrypted Raw Logs, Disaster Recovery Site, NAS, SAN]
LogLogic ST Log Warehouse and Bulletproof Storage

LogLogic ST appliances provide simple, secure long-term log data retention and search. They provide up to 34 terabytes of on-board compressed storage or virtually unlimited archives through NAS, SAN and WORM storage connectivity.

LogLogic ST Family Features

- Collect log data at rates of up to 75,000 messages per second per appliance
- Stores up to 34 terabytes worth of compressed log data on-board
- Log data compression and optional encryption of log data archives
- Stores a secure hash key in a separate location for tamper-proof log archives
- Forensic search and replay capabilities of ST data into LX appliance
- Connects to external SAN and NAS storage networks
- Certified support for leading WORM storage solutions
- Automated data retention and deletion setting

Other Features

System Management
- Web-based GUI (Internet Explorer, Netscape, Mozilla, Firefox)
- Built-in central management station
- Command Line Interface
- SNMP Support

High Availability
- External backup capabilities
- Hot standby and fail-over log message capture
- Hot swappable redundant power supplies (LX 2010, ST 2010, ST 3010)
- RAID support (LX 2010, ST 2010, ST 3010)

Operating environment
- Hardened and optimized Linux OS

Device support
- Any local log file through HTTP, HTTPS, SCP, SFTP, FTP, or FTPS
- All syslog protocol compliant devices, including firewalls, VPNs, routers, switches, servers and other devices
- Check Point OPSEC, including firewalls and VPN systems

Safety and emissions certification
- Safety: CB Report; CAN/CSA-C22.2 No 60950-1-03; ANSI/UL 60950-1-2002; EN 55022: 1998 + A1: 2000 + A2: 2003 Class A; EN 61000-3-2: 2000 + A2: 2005 & EN 61000-3-3: 1995 + A1 2001; EN 55024: 1998 + A1: 2001 + A2: 2003
- Emissions: FCC Part 15 Class A, VCCI Class A, CE Class A, C-Tick, ICES, BSMI, MIC, CCC

Appliance Specifications

| | LX510 | LX1010 | LX2010 | ST2010 | ST3010 |
|---|---|---|---|---|---|
| Sustained message/sec | 500 | 1,500 | 4,000 | 75,000 | 75,000 |
| Compression ratio | Up to 12:1 | Up to 12:1 | Up to 12:1 | Up to 12:1 | Up to 12:1 |
| Raw storage capacity | 250GB | 250GB | 2TB (RAID 10) | 500GB (RAID 1) | 4TB (RAID 5+spare) |
| CPU | Single processor | Single processor | Dual processor | Dual processor | Dual processor |
| Max power consumption | 200 watts | 200 watts | 500 watts | 500 watts | 500 watts |
| Chassis | 1u | 1u | 2u | 2u | 2u |
| Ethernet | 1x10/100, 1x10/100/1000 | 1x10/100, 1x10/100/1000 | 1x10/100, 2x10/100/1000 | 1x10/100, 4x10/100/1000 | 1x10/100, 4x10/100/1000 |
| Serial port | 9-pin serial | 9-pin serial | 9-pin serial | 9-pin serial | 9-pin serial |

Raw storage lifetime: Up to 90 days (metalogs); Up to 90 days (metalogs); Up to 90 days (metalogs)

More information

Visit www.loglogic.com or contact a LogLogic representative by e-mail: info@loglogic.com, or phone: 1.888.347.3883.

LogLogic is a registered trademark in the USA and/or other countries. All other brand names, product names, or trademarks belong to their respective holders. LogLogic reserves the right to alter product offerings and specifications at any time without notice, and is not responsible for typographical or graphical errors that may appear in this document. © 2009 LogLogic, Inc. All rights reserved.
LogLogic Simplify Security Event Management

Security and IT managers need a security incident response program that is highly effective, yet easy to implement and maintain. Whether the end goal is to meet regulatory requirements, mitigate risk, or achieve best practice objectives, the LogLogic (SEM) provides organizations with the ideal solution to simplify their security management processes while improving overall security and forensics and reducing time to resolution.

[Figure: Raw Logs, Filtered Logs, Normalized Events, Aggregated Events, Correlated Alerts, Incidents]

By analyzing the thousands of complex events generated from firewalls, IDS/IPS, operating systems, databases and applications in real time, LogLogic SEM reveals the most critical security incidents and provides deep insights into the security posture of the IT infrastructure. By correlating events with prioritized asset and vulnerability information, LogLogic SEM enables security analysts to quickly prioritize security incidents and mitigate threats. LogLogic SEM's built-in incident workflow and service level agreement (SLA) management features provide security and operations personnel with the tools they need to be more efficient in responding to external and internal threats.

The LogLogic SEM solution is a third-generation security event management appliance, custom-built for security incident and threat management and powered by LogLogic's industry-leading open log management platform.
Appliance Specifications

| | SEM1060 | SEM3060 | SEM4060 | SEM4070 |
|---|---|---|---|---|
| Events per second | 1,500 | 3,000 | 5,000 | 10,000* |
| Storage capacity (Raw) | 900GB (RAID 1) | 1.8TB (RAID 10) | 2.7TB (RAID 10) | 1.8TB (RAID 10) |
| On-board storage capacity (including compressed data) | 600GB | 1.2TB | 1.9TB | 1.2TB |
| Power supply | 2x670 watts | 2x750 watts | 2x750 watts | 2x1050 watts |
| Chassis | 1u | 2u | 2u | 4u |
| Ethernet | 2x10/100/1000 | 2x10/100/1000 | 2x10/100/1000 | 2x10/100/1000 |
| Support external disk array | Yes, for ADA only | Yes | Yes | Yes |
| Support external SAN | No | No | Yes | Yes |
| High availability | No | Yes | Yes | Yes |

*Based on an environment with multiple virtual appliances.
LogLogic Unify Database Security Management

The need to preserve the confidentiality and integrity of data and monitor privileged user activity has driven CIOs and auditors to impose increasingly stringent controls on corporate database systems. LogLogic (DSM) goes beyond native database audit functionality to provide both real-time detection and prevention without impacting database performance.

LogLogic DSM is an appliance-based solution that is coupled with a unique host-based sensor technology to provide in-depth activity monitoring and real-time prevention of unauthorized activity.

The LogLogic DSM solution helps address two critical needs of an enterprise: compliance and security. Compliance needs, focused on details such as access to Protected Health Information (PHI) or Personally Identifiable Information (PII), can not only be monitored passively, but also actively acted upon, either to quarantine the user or to generate critical forensic evidence for an investigation. The security needs of an organization are met by monitoring for active exploits of known database security vulnerabilities using the Virtual Patch Service.

The integration with the LogLogic Open Log Management platform provides a critical element of success for an organization that is looking for a truly global picture of its enterprise activities, combining database activities with network security and operating system activities.
Appliance Specifications: LogLogic DSM

Storage capacity (available): 2TB (RAID 10)
Power supply: 500 watts
Chassis: 2u
Ethernet: 1x10/100, 4x10/100/1000
Support external disk array
Supports database servers for up to 64 CPU cores
Console configuration: 9-pin serial port
LogLogic Automate Compliance Management

In today's increasingly complex regulatory environment, enterprises are looking for ways to efficiently streamline their compliance initiatives. LogLogic Compliance Manager helps enterprises streamline their operations by enforcing compliance controls. As part of self-assessment, emphasis is placed on managing the compliance process itself, including timely log review, a record of such activities, and the impact on the security posture of the enterprise.

LogLogic brings visibility of compliance activity metrics to CIOs and CSOs and control over activities to the compliance team. With LogLogic, CIOs and CSOs can proactively review the compliance timeliness and compliance posture mandated by Sarbanes-Oxley (SOX) and the Payment Card Industry Data Security Standard (PCI-DSS). The automated compliance approval workflow engine and review tracking feature assist organizations in achieving their regulatory compliance objectives easily and efficiently while also maintaining accountability.

The compliance policy mapping capabilities in LogLogic Compliance Manager establish a logical map of compliance. The compliance workflow engine builds an audit trail by tracking review activities, including annotations, approvals, and returns of all reports.

[Figure: At a glance: Dashboard of compliance rating and progress]
Appliance Specifications: AP 2010

Raw storage capacity: 1TB (RAID 10)
LogLogic appliance support: Up to 20 LX/ST/MA appliances
Flexible storage: Lifetime of compliance information (Minimum of 2 years)
CPU: Dual Processor
Max power consumption: 500 watts
Chassis: 2u
Ethernet: 2x10/100/1000
Serial port: 9-pin serial