Forensic Soundness of Log Data
Assuria Log Manager CCTM Accreditation Achieved
International cyber-security vendor Assuria has confirmed that its highly-prized Log and Security Information and Event Management (SIEM) product, Assuria Log Manager (ALM),has been awarded CESG Claims Tested Mark (CCTM) certification, the UK Government quality mark for private and public sector.
The Assuria Log Manager (ALM) solution, which maintains a forensic audit trail of original data from any system, server or device, underwent intensive testing at the leading independent testing laboratory, ENEX Test Lab, which is authorised by CESG to validate the functionality claims made by vendors thus giving purchasers confidence that the product has been independently tested and the results verified by CESG.
The innovative software product developed from over 20 years of top-level industry expertise, securely collects, stores, translates and analyses unaltered audit and event log data from any system, server or device, giving a unique insight into all user and system activity.
Assuria Log Manager is already in use in Commercial Organisations as well as in the UK Government space, where it has helped customers to comply with the strict guidelines laid out in CESG’s comprehensive Good Practice Guide Number 13, (GPG-13), the Protective Monitoring guide for UK public sector IT.
Davina Whitworth, Corporate Strategy Manager at Luton Borough Council, said the award “endorses our decision two years ago to install Assuria Log Manager software to help meet our GCSX Code of Compliance requirements”.
Malcolm Higgins, at ENEX Test Lab, confirmed “Assuria Log Manager was rigorously tested by ENEX, in accordance with CESG policy, and passed all tests at the highest level. We are happy to confirm this product is highly satisfactory in fulfilling its stated functions of protective monitoring, safeguarding information systems, capturing original log data and monitoring user activity”.
Terry Pudwell, MD at Assuria, said the news comes at a time when recent data-breaches and employee misuse of computers have thrust public-sector cyber-security into the spotlight. “With recent Freedom of Information requests revealing widespread misuse of police computers, and at least 16 cases of sensitive MOD data being leaked through employee activity last year, it is vital that the public-sector ensures that it is using products that have been independently tested and verified by CESG. Our ALM and Assuria Auditor tools give organisations an in-depth portal into all past and present user activity, across any systems, servers or devices. ALM, almost uniquely in the market today, manages and securely collects log data directly from any system, server or device without relying on the customer to set up log forwarding, ensuring data is preserved in original and forensically sound form, to provide a bullet-proof audit-trail.”.
Assuria Log Manager and the company’s Assuria Auditor product are currently in use across 30 countries, by major public and private-sector bodies, including organisations such as BAE Systems, Gulf International Bank and Johns Hopkins University Applied Physics Labs.