First Base Technologies LLP
Is it enough to analyse log files, or is it necessary (or beneficial) to have an IDS feed to SIM/SEM as well? Will correlated logs provide enough information to pinpoint a security issue, or does signature-based IDS provide me with an additional view which cannot be replaced with just logs?
In principle, the more data you have to analyse, the better. A good IDS can give you invaluable information about attack types and help put log entries into context. I recommend visiting the SANS website for some excellent insight into this topic, especially its Top 5 Essential Log Reports document.
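To illustrate how an IDS feed puts log entries into context, here is an added example (not part of the original answer) that joins host log events with IDS alerts on source address and time, the way a SIM/SEM correlation rule would. The log lines, the `timestamp|source IP|signature` alert format, the addresses and the five-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the original article).
# Host log lines: ISO timestamp, then an sshd-style message.
AUTH_LOG = """\
2024-05-01T10:00:05 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:09 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:14 sshd: Accepted password for admin from 203.0.113.7
2024-05-01T10:03:40 sshd: Accepted password for alice from 198.51.100.20
"""

# IDS alerts in a hypothetical "timestamp|source IP|signature" format.
IDS_ALERTS = """\
2024-05-01T10:00:08|203.0.113.7|SSH brute-force attempt
2024-05-01T09:20:00|198.51.100.20|ICMP sweep
"""

def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, msg = line.split(" ", 1)
        events.append({"time": datetime.fromisoformat(ts),
                       "src": msg.rsplit(" ", 1)[1],  # address is the last field
                       "msg": msg})
    return events

def parse_alerts(text):
    alerts = []
    for line in text.splitlines():
        ts, src, sig = line.split("|", 2)
        alerts.append({"time": datetime.fromisoformat(ts), "src": src, "sig": sig})
    return alerts

def correlate(events, alerts, window=timedelta(minutes=5)):
    """Pair each log event with IDS signatures from the same source within +/- window."""
    return [(ev, [a["sig"] for a in alerts
                  if a["src"] == ev["src"] and abs(a["time"] - ev["time"]) <= window])
            for ev in events]

def suspicious_logins(correlated):
    """Successful logins that coincide with an IDS alert from the same source."""
    return [(ev["src"], ev["msg"], sigs) for ev, sigs in correlated
            if "Accepted" in ev["msg"] and sigs]

if __name__ == "__main__":
    pairs = correlate(parse_log(AUTH_LOG), parse_alerts(IDS_ALERTS))
    for src, msg, sigs in suspicious_logins(pairs):
        print(src, "|", msg, "|", ", ".join(sigs))
```

In the logs alone both accepted logins look alike; only the one that coincides with an IDS signature from the same source is surfaced, while the older alert for the second address falls outside the window.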
For more information:
A student from Royal Holloway University explains how machine learning can be harnessed to improve many aspects of information security including intrusion detection.