Home > Security Tips > Network Security Tactics > Establishing a practical routine for reviewing security logs
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

NETWORK SECURITY TACTICS

Establishing a practical routine for reviewing security logs


Lenny Zeltser
09.19.2006
Rating: -2.68- (out of 5)


Network Security Tactics
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


The term security information management (SIM) refers to the discipline of collecting and analyzing security events to detect or investigate malicious activities. Essential to this process are the individuals who review the gathered data and decide whether the events constitute an incident and should be escalated. Information security logs that are not regularly reviewed are hardly useful and can be a liability to an organization.

Sometimes reviewing security logs can be fun. Don't get me wrong -- sifting through mounds of data to identify the notable events is not always my favorite pastime. However, the pursuit of correlating seemingly unrelated events, determining the cause of an unusual alert or detecting an intrusion at its onset can be pretty rewarding.

Even though the review of security logs is cri



tical to the success of a SIM program, doing so regularly and comprehensively is not easy. Here are a few recommendations for establishing a process to ensure that important events don't go unnoticed:

A practical routine for reviewing security logs is regularly scheduled, partially automated, alternated among team members, and linked to problem resolution. Not only will such processes bring vigilance to the log-reviewing duties, but it will also ensure that an organization gets the most out of the valuable data captured by the its SIM systems.

About the Author:
Lenny Zeltser is the information security practice leader at Gemini Systems LLC, a New York-based IT consulting firm, and an instructor at SANS Institute. More information about his projects and interests is available at www.zeltser.com.

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




BROWSE BY TAG
Network Security Tactics,   Network Intrusion Detection and Analysis,   Security Event Management,   Enterprise Network Security,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Network Security Tactics
Screencast: Samurai offers pen-testing nirvana
Firewall rule management best practices
Chained Exploits: How to prevent phishing attacks from corporate spies
Rootkit Hunter demo: Detect and remove Linux rootkits
Enterprise UTM security: The best threat management solution?
Making the case for network security configuration management
An inside look at security log management forensics investigations
How to find sensitive information on the endpoint
How to perform Microsoft Baseline Security Analyzer (MBSA) scans
How to spot attacks through Apache Web server log analysis

Security Event Management
Mature SIMs do more than log aggregation and correlation
SIMs tools and tactics for business intelligence
SIEM: Not for small business, nor the faint of heart
Tying log management and identity management shortens incident response
How to estimate log generation rates
SANS Log Management Survey is "Looking for the ROI"
Review system event logs with Splunk
Virtual network tool gives firm view into virtualized environment
Mining enterprise SIM logs for relevant security event data
Quiz: Getting the most out of your SIM deployment

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts