Welcome to the latest BriefingsDirect podcast discussion, recorded at The Open Group’s 23rd Enterprise Architecture Practitioners Conference and the associated 3rd Security Practitioners Conference in Toronto.
We're going to take a look at an emerging updated standard called XDAS, which looks at audit trail information from a variety of systems and software across the enterprise IT environment.
This is an emerging standard that’s being orchestrated through The Open Group, but it’s an open-source standard that is hopefully going to help in compliance and regulatory issues and in improving automation of events across heterogeneous environments. This could be increasingly important, as we get deeper into virtualization and cloud computing.
Here to help us drill into XDAS (see a demo now), we're joined by Ian Dobson, director of the Security Forum for The Open Group, as well as Joël Winteregg, CEO and co-founder of NetGuardians. The discussion is moderated by me, Dana Gardner, principal analyst at Interarbor Solutions.
Here are some excerpts:
Dobson: We actually got involved way back in '90s, in 1998, when we published the Distributed Audit Service (XDAS) Standard. It was, in many ways, ahead of its time, but it was a distributed audit services standard. Today’s audit and logging requirements are much more demanding than they were then. There is a heightened awareness of everything to do with audit and logging, and we see a need now to update it to meet today’s needs. So that’s why we've got involved now.
A key part of this is event reporting. Event reports have all sorts of formats today, but that makes them difficult to consume. Of course, we then generate events so that they can be consumed in useful ways. So, we're aiming the new audit standard from XDAS to be something that defines an interoperable event-reporting format, so that they can be consumed equally by everybody who needs to know.
The XDAS standard developers are well aware of, and closely involved in, the related Common Event Expression (CEE) standard development activity in Mitre. Mitre's CEE standard has a broader scope than XDAS, and XDAS will fit very well into the Event Reporting Format part of CEE.
We are therefore also participating in the CEE standard development to achieve this and more, so as to deliver to the audit and logging community an authoritative single open standard that they can adopt with confidence.
Winteregg: My company is working in the area of audit event management. We saw that it was a big issue to collect all these different audit trails from each different IT environment.
We saw that, if it was possible to have a single and standard way to represent all this information, that would be much easier and relevant for IT user and for a security officer to analyze all this information, in order to find out what the exact issues are, and to troubleshoot issue in the infrastructure, and so on. That’s a good basis for understanding what's going on the whole infrastructure in the company.
There is no uniform way to represent this information, and we thought that this initiative would be really good, because it will bring something uniform and universal that will help all the IT users to understand what is going on.
In distributed environments, it's really hard to track a transaction, because it starts on a specific component, then it goes through another one, and to a cloud. You don’t know exactly where everything is happening. So, the only way to track these transactions or to track the accountability in such an environment would be through some transaction identifiers, and so on.
For auditors or administrator, it is really costly to understand this information and use it
in order to get relevant information for management to have metrics and to understand what's really happening on the IT infrastructure.
Audit information deals a lot with the accountability of the different transactions in an enterprise IT infrastructure. The real logs, which are modulated to develop strong meaning for debugging applications, may be providing the size of buffers or parameters of an application. Audit trails are much more business oriented. That means that you will have a lot of accountability information. You will be able to track the who, the what, and the when in the whole IT infrastructure, which is really important these days with all these different regulations, like Sarbanes-Oxley (SOX) and the others.
With a standard like XDAS, it will be much easier for a company to be in compliance with regulations, because there will be really clear and specific interfaces from all the different vendors to these generated audit trails.
The standard will be open, but there is a Java implementation of that standard called XDAS for J, which is a Java Library. This implementation is open source and business friendly. That means that you can use it in some proprietary software without having to then provide your software as an open-source software. So, it is available for business software too, and all the code is open. You can modify it, look at it, and so on. It’s on the Codehaus platform.
We're waiting for some feedback from vendors and users about how it is easy to use, how helpful it is, and if there are maybe some use cases -- if the scope is too wide, too narrow, etc. We're open to every comment about the current standard.