Spotting system intrusions a challenge for IT

29.01.2007

That can be a huge challenge, considering the sheer number of transactions and the terabytes of storage space required on a daily basis to store log data about all of them, said David Jordan, chief information security officer for Virginia's Arlington County. It also requires comprehensive modeling of typical network behavior enterprisewide so any abnormal activity can be pinpointed, Jordan said.

Few existing products

For now, at least, there are few out-of-the-box products that can help companies do end-to-end log collection and real-time data correlation and analysis, said Amer Deeba, vice president of marketing at Qualys Inc., a vulnerability management services provider in Redwood Shores, Calif. And the cost of custom-building such capabilities can be prohibitive, added Deeba.

But there are some tools that IT managers can use to address parts of the challenge, Deeba noted. For instance, several logging and monitoring tools are available for quickly detecting unauthorized database activity.

USEC Inc., a US$1.6 billion energy company in Bethesda, Md., uses an appliance from Guardium Inc. to monitor the activities of the administrators who manage the Oracle and SQL Server databases underlying its financial applications. The Guardium device can detect unauthorized changes and other policy violations that could affect the integrity of USEC's financial data, said CIO David Vordick.
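The two ideas in this article, modeling what typical activity looks like so departures stand out (Jordan), and watching privileged database activity for policy violations (the USEC setup), can be sketched in a few dozen lines. The following Python is an added example written for this page; it is not code from Guardium, Qualys, USEC or the article's author. The audit log lines, the table names, the maintenance window and the "financial tables must not be hand-edited" rule are all constructed for illustration.

```python
"""
Baseline-and-deviation review of database audit records.

Added example, not from the article. It learns each account's normal
(statement, object) pairs from a training window, then reviews later records
against a hypothetical policy and against that baseline.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample audit lines: "<ISO time>|<db user>|<statement type>|<object>"
BASELINE_LOG = """
2007-01-15T09:12:00|dba_alice|SELECT|GL_JOURNAL
2007-01-15T09:40:00|dba_alice|ALTER|IDX_GL_DATE
2007-01-15T22:05:00|dba_alice|ALTER|IDX_GL_DATE
2007-01-16T10:01:00|dba_bob|SELECT|AP_INVOICE
2007-01-16T10:03:00|dba_bob|GRANT|AP_INVOICE
2007-01-16T23:15:00|dba_bob|ALTER|IDX_AP_VENDOR
""".strip().splitlines()

REVIEW_LOG = """
2007-01-29T09:05:00|dba_alice|SELECT|GL_JOURNAL
2007-01-29T11:00:00|dba_alice|ALTER|IDX_GL_DATE
2007-01-29T14:22:00|dba_alice|UPDATE|GL_JOURNAL
2007-01-29T23:40:00|dba_bob|ALTER|IDX_AP_VENDOR
2007-01-29T10:00:00|dba_bob|SELECT|GL_JOURNAL
2007-01-29T15:10:00|dba_bob|DELETE|AP_INVOICE
2007-01-29T02:30:00|svc_report|SELECT|GL_JOURNAL
""".strip().splitlines()

# Hypothetical policy: tables whose rows a DBA account must never change by
# hand, and the nightly window in which schema or privilege changes are expected.
FINANCIAL_TABLES = {"GL_JOURNAL", "AP_INVOICE"}
DML_WRITES = {"INSERT", "UPDATE", "DELETE"}
STRUCTURAL = {"ALTER", "DROP", "GRANT"}
CHANGE_WINDOW = (22, 6)  # 22:00 to 06:00, a constructed maintenance window


def parse(line):
    """Split one audit line into (timestamp, user, statement, object)."""
    ts, user, stmt, obj = line.split("|")
    return datetime.fromisoformat(ts), user, stmt, obj


def in_change_window(ts):
    """True when the timestamp falls inside the overnight maintenance window."""
    start, end = CHANGE_WINDOW
    return ts.hour >= start or ts.hour < end


def build_baseline(lines):
    """Map each account to the set of (statement, object) pairs seen in training."""
    profile = defaultdict(set)
    for line in lines:
        _, user, stmt, obj = parse(line)
        profile[user].add((stmt, obj))
    return profile


def review(lines, profile):
    """Return (line, reason) pairs for records that break policy or depart from baseline.

    Policy rules are checked first because they hold regardless of history;
    the baseline check only runs for records that pass them.
    """
    findings = []
    for line in lines:
        ts, user, stmt, obj = parse(line)
        if stmt in DML_WRITES and obj in FINANCIAL_TABLES:
            findings.append((line, "direct data change to financial table"))
        elif stmt in STRUCTURAL and not in_change_window(ts):
            findings.append((line, "schema/privilege change outside maintenance window"))
        elif user not in profile:
            findings.append((line, "no baseline for this account"))
        elif (stmt, obj) not in profile[user]:
            findings.append((line, "action never seen for this account in baseline"))
    return findings


if __name__ == "__main__":
    for line, reason in review(REVIEW_LOG, build_baseline(BASELINE_LOG)):
        print(f"{reason}: {line}")
```

Running it flags five of the seven review records: the two hand-edits of financial tables, the daytime index change, an account with no history at all, and a read by an existing DBA against a table that account had never touched. The point the article makes is visible in the shape of the code: the policy rules are cheap, but the baseline only works if the training window is representative, and in a real deployment that window is built from far more than six lines.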