Regulatory agencies and public auditors assign a high value to the ability to follow audit trails back in time. When you discover that a user is engaging in improprieties, you might need to backtrack through months of data to fully document that user's activities and build a case.
A recent survey carried out by the SANS Institute found that 44% of system administrators do not keep logs for more than a month. This is a major concern for many organizations, since regulatory and accounting bodies have strict requirements, sometimes even requiring log retention for three to seven years.
Regulatory bodies and acts such as Basel II, PCI Data Security Standard, Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, HIPAA, FISMA, USA Patriot Act, Turnbull Guidance 1999, UK Data Protection Act, and EU DPD all require event retention. They also require event review; for instance, NIST recommends a log review at least twice a week. Event logs are the primary source for determining the level of compliance and identifying deficiencies.
In-depth regulatory compliance reference material
Refer to our specialized material to learn about the different requirements posed by different regulatory bodies: