Log management and data retention solution
Mandates and regulations require organizations to collect, store, and analyze various types of logs to demonstrate that they are adequately protecting information and infrastructure.
Symantec Security Information Manager enables organizations to collect, store, and analyze log data as well as monitor and respond to security events to meet IT compliance requirements.
Flexible archiving, querying and reporting provide organizations the means to manage logs from every source. Symantec Security Information Manager stores events in a collection of archive files within a specified location. The archive is implemented as a self-maintained module where it monitors disk usage and the age of individual archive files. Based on policy, when a specified maximum disk space is reached or files approach their expiration date, the system deletes old archives to make room for new ones. These files can be stored on the appliance, direct attached storage (DAS), network attached storage (NAS), or on a storage area network (SAN).
Symantec Security Information Manager can archive data faster than traditional databases because it is optimized for one function – to save a high volume of events. General database applications are built for hundreds of different functions limiting their ability to accommodate such a specialized requirement. Symantec Security Information Manager can achieve up to 30:1 data compression and captures and stores normalized data as well as raw event information for forensic-quality log data analysis.
Symantec Security Information Manager provides compliance specific queries (HIPAA, PCI, SOX, etc..), offers flexible data access across multiple separate archives and can distribute reports on a scheduled basis. It can easily support log collection and management from every source with predefined queries, reports and flexible archive options.