Who uses SSB
SSB is useful for everyone who has to collect, store, and review log messages. In
particular, SSB is invaluable for:
l
Central log collection and archiving
: SSB offers a simple, reliable, and convenient
way of collecting log messages centrally. It is essentially a high-capacity log server
with high availability support. Being able to collect logs from several different
platforms makes it easy to integrate into any environment.
l
Secure log transfer and storage
: Log messages often contain sensitive information
and also form the basis of audit trails for several applications. Preventing
eavesdropping during message transfer and unauthorized access once the messages
reach the log server is essential for security and privacy reasons.
l
Policy compliance
: Many organization must comply with regulations like the
Sarbanes-Oxley Act (SOX), the Basel II accord, the Health Insurance Portability and
Accountability Act (HIPAA), or the Payment Card Industry Data Security Standard
(PCI-DSS). These regulations often have explicit or implicit requirements about log
management, such as the central collection of log messages, the use of log analysis
to prevent and detect security incidents, or guaranteeing the availability of log
messages for an extended period of time — up to several years. SSB helps these
organizations to comply with these regulations.
l
Automated log monitoring and log pre-processing
: Monitoring log messages is an
essential part of system-health monitoring and security incident detection and
prevention. SSB offers a powerful platform that can classify tens of thousands of
messages real-time to detect messages that deviate from regular messages, and
promptly raise alerts. Although this classification does not offer as complete an
inspection as a log analyzing application, SSB can process many more messages
than a regular log analyzing engine, and also filter out unimportant messages to
decrease the load on the log analyzing application.
SSB 5.3.0 User Guide
Introduction
8
