TriGeoSphere

These are the kinds of headlines, taglines, and marketing pitches from Log Management and SIEM vendors that fill my inbox daily, and I’m sure yours as well. I suspect most IT professionals react the same way I do by laughing at them, ignoring them or at least being incredibly skeptical of them. But that isn’t necessarily always the case. I suspect that some well intentioned, stressed IT managers might read these headlines and see the mirage of salvation. If it seems too good to be true, it probably is, and this is no exception.

We can learn a lot from recent examples of data loss from “PCI-compliant” organizations. Check-box compliance is not the goal and it’s certainly not the end of data security. To echo what so many others have said before, security is a process, not a product.

As a product vendor, is it heresy for me to take this stance? Not at all. We never have and never will position our technology as a silver bullet to all your compliance needs or something that’s ‘set it and forget it.’

Can we play a significant role? Absolutely!

We offer an “audit proven” technology which has helped businesses pass thousands of audits. In fact, our customers credit TriGeo with helping them achieve the highest audit scores in their markets. But compliance is not the goal – it’s the result of good security practices. By going beyond simple log aggregation, reporting and forensics, companies are taking the next step in protecting their data, which is the fundamental objective for all of these compliance initiatives.