KuppingerCole Report
Executive View
By Martin Kuppinger, Alexei Balaganski

Balabit syslog-ng

The Balabit syslog-ng product family provides technologies that allow collecting, processing, and analyzing log events from a variety of different sources, going well beyond the standard syslog component. The products are relevant both as a complement to and a replacement for standard SIEM solutions.

1 Introduction

Balabit IT Security is an international information security vendor headquartered in Luxembourg. Founded in 2000 in Hungary, the company still maintains its research and development centers there; however, with multiple sales offices in Europe, the US and Russia and a large partner network, it has a strong global market presence. Balabit’s product portfolio is based on three major areas of information security: log management, privileged activity monitoring and user behavior analytics. Together they comprise the Contextual Security Intelligence (CSI) Suite. Among these solutions, the company’s oldest and undeniably most well-known is syslog-ng, the de facto standard log management tool for Unix-like platforms, which is used in over a million installations around the world.

In today’s environment of ever-increasing attacks on systems and ever-increasing regulatory compliance requirements, organizations must improve their capabilities to analyze events and incidents in networks and to react to them. Fortunately, there is a range of offerings for doing so.

Starting with system-level event logs, there are two major directions. One focuses on domain-specific analysis of information, such as around Identity and Access Management, Privileged Account Monitoring, or specific types of Network Analytics.

The other direction comprises tools that focus on generic collection and analysis of logs across a variety of systems. In this area, we find log collection, SIEM (Security Information and Event Monitoring), and what KuppingerCole names RTSI (Real Time Security Intelligence), capable of adding advanced analytical capabilities.

Most of these tools are not exclusive but, at least to a certain extent, complementary. Domain-specific solutions commonly coexist with generic solutions such as SIEM. Log collection and filtering can be used as a sort of pre-processor to SIEM, while SIEM in turn can sit in front of more advanced analytical solutions that are part of the emerging RTSI market.

For users, it is particularly important to understand their specific requirements and the capabilities of the various solutions. While some packages, particularly domain-specific approaches and, increasingly, RTSI, are focused on solution approaches, others, such as SIEM, are more technical tools that require adaptation to specific use cases. Both can fit the requirements of customers, depending on whether it is more of a domain-specific use case such as analyzing identity-related events or SAP-related events or whether it is more about having a tool that allows custom analysis for a variety of use cases.

Balabit syslog-ng is a product that can either be used for custom log analysis or as a tool sitting in front of SIEM solutions for collection, analysis and filtering of events before these are delivered to the SIEM tool. As the name implies, syslog-ng is a new-generation replacement for the standard syslogd (syslog daemon), a standard feature in Linux and Unix environments.

Although syslog-ng’s history goes back nearly two decades, Balabit continues to actively develop the product. Since we previously reviewed the product back in August 2015, the company has delivered several new releases, focusing primarily on integration with their latest product, Blindspotter, and various third-party solutions, as well as on new management and configuration capabilities and performance improvements.

2 Product Description

Balabit syslog-ng is offered in three different editions. All of these editions add a number of capabilities to the standard syslogd. The entry level ...

3 Strengths and Challenges

Balabit has greatly extended the standard syslogd utility towards enterprise-class solutions. This is already true for the Open Source Edition (OSE), ...


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.