Security Management Strategies for the CIOAccess "Firewall and system logs: Using log file analysis for defense"
This article is part of the June 2004 issue of Exposed: Why your AV software is failing to protect you
What do you do with your firewall and system logs? Typically, you collect them and back them up--and that's about it. But there are gold nuggets of useful info hidden in those logs that, ironically, many organizations ignore because they incorrectly believe the extraction tools are complicated and expensive. One of the great things about log analysis is that it's relatively easy to implement for a few dozen important servers. Sure, you can spend a lot of money on expensive systems and databases (and many organizations do), but all you need is a desktop PC, a few rudimentary scripts and some patience to get your feet wet. Think of it this way: How much money does your company spend on firewalls and IDSes? It's probably a lot, right? And yet they collect and analyze the information collected in--you guessed it--log files. There are gold nuggets in your discarded logs. Discarding or ignoring logs should be a crime. Think about all the useful intelligence you can draw from this well: Do you know how many of your corporate desktops are infected with spyware? Your... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Antivirus software comparison, 2004: Not all AV products are equal
Your desktop AV may be leaving you wide open to attack.
-
NAC best practices and technologies to meet corporate security policy
by Curtis Dalton, CISSP
New solutions help you secure endpoints
-
Antivirus software comparison, 2004: Not all AV products are equal
-
-
Physical and IT Security: Overcoming Security Convergence Challenges
Physical and IT security convergence seems just one leap away...and may remain that way. Learn how to overcome security integration challenges.
-
Six Sigma and CMM models offer security best practices
Security can learn a lot from Six Sigma, CMM and other established business methodologies.
-
Physical and IT Security: Overcoming Security Convergence Challenges
-
Columns
-
Unintentional benefits: Attackers force search for better Trojan virus protection
by Lawrence M. Walsh
Editor Lawrence M. Walsh says creative attackers are unintentionally aiding the search for better security defenses.
-
Firewall and system logs: Using log file analysis for defense
by Marcus Ranum
Log analysis is the most under-appreciated, unsexy aspect of infosecurity, yet Marcus Ranum says it's one of the most important.
-
Prevent data loss, theft with secure data outputs
by Pete Lindstrom, Contributor
To secure data outputs, some organizations are going a step further by deploying data protection systems for specific applications.
-
Linux malware: Challenges of the Linux worm
Should Linux users brush off concerns about malware plagues? Short answer: No. Learn more about Linux malware and the challenges posed by the Linux worm.
-
Internal security controls and business continuity go hand in hand
Learn the top four quality of security beliefs and see why better security means better quality.
-
Unintentional benefits: Attackers force search for better Trojan virus protection
by Lawrence M. Walsh
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...