G-Log
Collecting the local logical-access records from the systems in operation (which the FAQ on the measure establishes as sufficient to guarantee data veracity) becomes a hot spot for network security policy. The records are heterogeneous and mutually incompatible, and there is no commonly agreed protocol able to provide standard log collection services suited to all systems within the perimeter of the measure.
G-Log is a turnkey appliance designed to collect and retain logs from complex, heterogeneous IT platforms, in compliance with the requirements of the Garante legislation. It works in two modes:
- Agentless
In this mode, acquiring access logs from systems within the perimeter of the Garante measure requires some changes to the configuration of the target systems, with no need to deploy extra software.
- Agent based
In this mode, a software client capable of acquiring access logs is installed on each system and transfers that information to G-Log using a reliability mechanism.
The solution has several features that let the log collection appliance operate effectively against the requirements established by the Garante measure:
- High performance in log acquisition and retention, thanks to a modular architecture, log normalization into syslog format, and a fast, effective storage mechanism that speeds up writes and facilitates any subsequent search activity.
- Use of a digest algorithm to compute log hashes, so that any illicit action on the logs is immediately evident.
- Log writing to WORM storage media, which protects the logs against alteration as required by the Garante legislation.
G-Log answers company needs effectively, as follows:
- Log collection in heterogeneous technology contexts: open-source development makes it better suited to integration with multi-vendor and multi-technology solutions.
- Short integration time: it uses the native services of the target systems (syslog, ssh, rpc, etc.) as much as possible, reducing cost and time to a minimum.
- Integration with existing SIEM: the product can support and integrate with SIEM solutions already operating in the company.
- Retention guarantee: retention of up to six months is possible thanks to data compression algorithms.
- Italian support: built on the experience of Retis, the product offers direct support in Italian.