Most of the industry standards, security best practices, or regulations covering network data management require that logs are kept in a secure manner that guarantees their accuracy and integrity. At the same time, access to the log data needs to be controlled to avoid disclosure of sensitive information or tampering attempts.
GFI EventsManager provides three layers of log data consolidation: encryption of the log data store using strong AES algorithm; hashing of log entries to prevent and identify attempts to tamper with log data at the binary level; and controlled and audited access to log data using the GFI EventsManager console. Access to the log data is granted based on two-factor authentication: one using the Windows credentials which need to have administrative privileges and the second based on the built-in user role system. All access is granted on a need-to-know basis. GFI EventsManager users can only work with the data coming from the assets they manage, and all the actions taken are logged and reviewable at a later stage.