Log files are an essential part of your network security profile, so measures must be taken to protect them as well as possible.
Network attacks often leave traces in the logs on the affected systems. However, attackers can remove these traces as long as the logs remain reachable from the compromised host. Moving the logs off the servers is the first step. However, the log storage system is also “just” a server on the network and might get compromised as well. Encrypting or signing the logs can prevent undetected modification, but it still leaves them vulnerable to deletion.
Moving the log data to a secure location that is not directly connected to the company network ensures that the logs can’t be modified or deleted by the attackers. This gives the administrator a clear advantage in detecting, monitoring and stopping the attackers.
The Arbit Data Diode supports a number of logging protocols and products, among them syslog and Splunk.
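As an added illustration, not Arbit's code and not the diode's own configuration, the following Python script shows the receiver-side check a one-way log path needs. Because a data diode has no return channel, the receiver cannot acknowledge messages and the sender cannot retransmit, so each syslog message carries a sequence number in an RFC 5424 structured-data element and the receiver flags gaps and duplicates per source host. The hostname, application name, structured-data ID (using the enterprise number RFC 5424 reserves for examples) and the sample messages are all constructed for this example.

```python
"""One-way syslog forwarding with receiver-side loss detection (added example)."""
import re
import socket
from datetime import datetime, timezone

# Constructed structured-data ID; 32473 is the enterprise number RFC 5424
# sets aside for documentation examples, not a real vendor assignment.
SD_ID = "seq@32473"
_SEQ_RE = re.compile(r'\[' + re.escape(SD_ID) + r' n="(\d+)"\]')


def format_syslog(seq, hostname, app, msg, pri=134, ts=None):
    """Build an RFC 5424 line carrying a sequence number in structured data.

    pri=134 is facility local0 (16*8) plus severity informational (6).
    """
    if ts is None:
        ts = datetime.now(timezone.utc).isoformat(timespec="seconds").replace("+00:00", "Z")
    return f'<{pri}>1 {ts} {hostname} {app} - - [{SD_ID} n="{seq}"] {msg}'


class GapDetector:
    """Tracks the last sequence number seen per host on the protected side."""

    def __init__(self):
        self.last = {}   # hostname -> last sequence number accepted
        self.gaps = []   # (hostname, first_missing, last_missing)
        self.dups = []   # (hostname, seq) for replays or out-of-order repeats

    def feed(self, line):
        # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME ... : hostname is field 3
        parts = line.split(" ", 4)
        if len(parts) < 4 or not parts[0].endswith(">1"):
            raise ValueError("not an RFC 5424 syslog line")
        host = parts[2]
        match = _SEQ_RE.search(line)
        if not match:
            raise ValueError("no sequence number in structured data")
        seq = int(match.group(1))
        prev = self.last.get(host)
        if prev is not None:
            if seq <= prev:
                self.dups.append((host, seq))
                return
            if seq > prev + 1:
                # Nothing can be re-requested across the diode; record the hole
                # so the gap can be investigated rather than silently ignored.
                self.gaps.append((host, prev + 1, seq - 1))
        self.last[host] = seq


def sample_received():
    """Constructed sample: five messages sent, seq 3 lost in transit, seq 4 repeated."""
    sent = [format_syslog(n, "webfront-01", "sshd", f"event {n}",
                          ts=f"2024-05-01T12:00:0{n}Z") for n in range(1, 6)]
    return [sent[0], sent[1], sent[3], sent[4], sent[3]]


def demo():
    """Feed the constructed sample through the detector and return it."""
    det = GapDetector()
    for line in sample_received():
        det.feed(line)
    return det


if __name__ == "__main__":
    # Stand-alone run: push the sample over UDP on loopback, as a forwarder
    # would toward the diode's sending side, and check what arrives.
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    det = GapDetector()
    for line in sample_received():
        tx.sendto(line.encode(), rx.getsockname())
        det.feed(rx.recv(4096).decode())
    print("gaps:", det.gaps, "duplicates:", det.dups)
```

The detector reports a gap for sequence 3 and a duplicate for sequence 4; on a real deployment those events belong in the monitoring on the protected side, since the sending network can never learn that a record was lost.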