UPDATED 12:30 EST / MAY 10 2011

LogLogic Emerges with VMWare on PCI Compliance

IT Data Management company LogLogic has announced a major step in evolution from their alliance with VMWare in PCI Security Standard (PCI DSS) and expanded offerings in the realm of PCI compliance. The MX-Virtual product offering helps answer one of enterprise’s biggest PCI concerns: How to tackle PCI compliance in virtualized environments. The product helps you find relevant data about virtualized systems in a powerful forensic and analytic toolset.

“LogLogic has shown a strong commitment to managing logs in a virtual environment to help customers achieve regulatory compliance,” said Parag Patel, vice president, Global Strategic Alliances, VMware. “We will continue to work together to help ensure organizations meet compliance requirements and strengthen their security posture.”

Under PCI DSS requirement 10.2, organizations must implement audit trails for all system components. Under traditional constructs, the task of collecting this information was a burden. As technology has evolved, the ability to collect information has become less of a challenge. The real challenge lies in the extraction of relevant data. Relevant data is focused, manageable, “real-time” or something close to it, and valuable. In the realm of virtual environments, compliance data and the management of it has thus far been a considerable challenge.

“You can’t be PCI compliant if you do not collect ALL relevant audit trails in your organization. PCI DSS Requirement 10 is clear: track and monitor all access for daily review,” said Guy Churchward, CEO of LogLogic. “LogLogic delivers virtual-environment specific log collection. Our technology allows users to track what is happening in a virtualized environment, which is required to achieve PCI DSS compliance.”

The company’s announcement also includes a give-away of a number of appliances to VMWare customers who visit their site.

In present environments, many organizations fail in the capacity of extending provisions for additional resources required for audit and log purposes. These include traditional IT resources such as CPU, memory, disk, and network. More often than not, organizations find that after enabling log and auditing, that without the benefit of prior strategic analysis, their infrastructures for virtual environments are exceedingly insufficient for the significant deployment of a minimal compliant environment. A problem of scale is posed. A streamlined and strategic approach to this scenario can help alleviate this and prevent issues and bottlenecks.  Testing, validation, and controls are required elements, particularly in virtual environments.

Clearly this marks a classic balance posture, where the demands of the environment are in counter-balance with the density available on the systems and choices must therefore be made. Fortunately more tools and strategies are emerging to help deal with the mission of protecting assets, information, compliance, data loss, fraud, and much more, including PCI compliance.

Continued questions revolve around the extent of compliance and liability and the boundaries in the world of virtualization.  For example, in the event of a compromise, such as in the Sony attacks in the realm of virtual systems- how to audit the events post-compromise. For the time being, crimes committed against machines that are virtual are themselves subject to auditing, discovery, and chain of custody type of forensic analysis. Could an argument be made that the host itself be required to undergo forensic analysis? Should we be looking at page files, file ownership, or any other events at the host level? Yes, indeed we should and that’s exactly where widespread analysis and ability to reach the hosts, the virtual machines, network, disk and all matters to it is absolutely critical for the vigilant enterprise.  How much is this affecting Sony right now?  A vector for extended compromise could emerge at any point in time, at any point in technology, at any point within an organization and that includes those emerging threats that we may not have yet identified.

In addition, some compromises are internally facilitated if not internally generated. There comes a point where a matter of policies, approach, practice and technology merge into a single most valid strategy.  This extends to the enterprise in the data center, on your workstation and in the cloud.  Wherever data goes, there is something to protect.  In the case of LogLogic, this announcment is exciting and welcome technology that should help and with developing and focused integration into deployment in virtualized environments, it will help many organizations with resources with their compliance goals.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU