This article can also be found in the Premium Editorial Download "Storage magazine: New rules change data retention game."
Log aggregation and analysis tools are available from the likes of ArcSight Inc., EMC and LogLogic Inc. Among these products, EMC enVision (acquired from Network Intelligence) stands out most prominently because of its scalability and performance. While most SIEM vendors depend on relational databases, enVision deploys a proprietary distributed object-based database that scales as sites and devices are added. "We decided early on to not use traditional relational databases as they are ill-suited for collecting a high number of log transactions generated by devices throughout the enterprise and reporting and correlating on them at the same time," says Matt Stevens, CTO of the information and event management group at RSA, the Security Division of EMC.
"Before we deployed enVision, we used a SIEM tool with a relational database and we had to wait 10 days from the time an event was captured to the time it appeared on a report," says EDS' Lockhart. "EDS currently generates about 1 trillion log events per month from all our locations and, thanks to enVision, we are able to report on and correlate logs close to real-time," he says.
Securing NAS management
Tightening security around NAS management is critical. While a strong password policy is recommended for all users, it's an absolute must for administrative accounts. To further reduce the risk of administrator accounts being exposed, some companies, like EDS, are moving toward dual-factor authentication.
Another good practice is to separate the management network from the data network. "All our NAS management stations reside on a separate management network that is inaccessible by regular users," reports EDS' Bowers. Role-based administration, offered by most NAS products, helps further segregate NAS administration.
Partitioning a single physical NAS into several independently managed virtual systems takes role-based administration to the next level; this capability is available on NetApp NAS filers through the MultiStore feature. "Prior to MultiStore and virtual filers, customers had to buy separate NAS filers to get this level of segregation," says Michael Eisler, technical director at NetApp.
Safe, not sorry
NAS depends on your network, storage and most likely Active Directory, so keeping it safe is a multidepartment effort. A solid security policy and a risk-based approach to determining the right level of protection are practical guides for implementing security on your NAS filers.
This was first published in September 2007