Log Management in PCI Compliance
by Dr. Anton Chuvakin - GCIA, GCIH, GCFA at LogLogic - Monday, 3 September 2007.
Security professionals have come to realize that ensuring data security and integrity is critical to business continuity and risk mitigation. However, with increasing amounts of data flooding our ever more complex networks, the risk of information being stolen or lost (with you unable to prove that it was not stolen) continues to rise. Online merchant networks are particularly at risk from both classic computer attacks and more insidious fraud. At the same time, the more customer data is collected, the more dangerous the situation becomes. In response to this trend and to prodding from major credit card companies, new security measures are being implemented by merchants and other businesses to protect the data their customers trust them with (or don’t even know they have).

Today, all credit card merchants, service providers and retailers who process, store and transmit cardholder data have a responsibility to protect that data and must comply with a diverse range of regulations and industry mandates as well as a growing list of voluntary “best practices” frameworks. These include the venerable Sarbanes-Oxley bill (better known as SOX or SarbOx), the Payment Card Industry (PCI) data security standard, the Gramm-Leach-Bliley Act of 1999 and even HIPAA (healthcare providers take credit cards too!). Not complying with the above might result in fines, legal exposure, or both, although it is widely known that the regulations differ wildly with regard to their “teeth.” For instance, it was reported that nobody was ever fined for being out of compliance with HIPAA.


But this is easier said than done. Immense volumes of log data are being generated on such payment networks, necessitating more efficient ways of managing, storing and searching through log data, both reactively – after a suspected incident – and proactively – in search of potential risks. For example, a typical retailer generates hundreds of thousands of log messages per day, amounting to many terabytes per year. An online merchant can generate upwards of 500,000 log messages every day. One of America’s largest retailers has more than 60 terabytes of log data on its systems at any given time. At the same time, unlike other companies, retailers often do not have the option of not caring about logging.
