Is it enough to analyse log files, or is an IDS necessary?

The more network data you have to analyse, the better. In this expert response, Peter Wood explains what tools can provide the information you need.

Is it enough to analyse log files, or is it necessary (or beneficial) to have an IDS feed into a SIM/SEM as well? Will correlated logs provide enough information to pinpoint a security issue, or does a signature-based IDS provide me with an additional view which cannot be replaced with just logs?
In principle, the more data you have to analyse, the better. A good IDS can give you invaluable information about attack types and help put log entries into context. I recommend visiting the SANS website for some excellent insight into this topic, especially its Top 5 Essential Log Reports document.
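To make the "context" point concrete, here is an added example (not part of the original column, and not a product of the author or SANS) of the kind of correlation a SIM/SEM performs: it parses a handful of constructed sshd log lines and constructed IDS alerts, first reports what the host logs alone can show, and then joins the IDS alerts to the same source address within a time window. The signature ids, hostnames, addresses and the simplified alert format are all assumptions made for the example; the only service whose host logs are present is sshd, so the alert against port 3306 is visible from the network sensor alone.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

YEAR = 2009  # syslog lines carry no year; assumed here so timestamps can be compared

# Constructed sample host log (sshd via syslog); not from the page
AUTH_LOG = """\
Oct 12 10:01:02 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Oct 12 10:01:04 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Oct 12 10:01:07 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51240 ssh2
Oct 12 10:01:09 web1 sshd[2215]: Accepted password for deploy from 203.0.113.7 port 51244 ssh2
Oct 12 10:05:30 web1 sshd[2300]: Accepted publickey for alice from 198.51.100.20 port 40000 ssh2
"""

# Constructed network IDS alerts in a simplified one-line format; SIG-* ids are placeholders
IDS_ALERTS = """\
Oct 12 10:01:01 [SIG-0001] SSH login brute-force attempt {TCP} 203.0.113.7:51230 -> 192.0.2.10:22
Oct 12 10:02:40 [SIG-0002] Inbound connection to database port {TCP} 203.0.113.7:45000 -> 192.0.2.10:3306
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)
IDS_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \[(?P<sid>[^\]]+)\] (?P<msg>.+?) "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def _ts(text):
    """Turn a year-less syslog timestamp into a datetime using the assumed YEAR."""
    return datetime.strptime(f"{YEAR} {text}", "%Y %b %d %H:%M:%S")


def parse_auth(text):
    """Parse sshd success/failure lines into dicts; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({**m.groupdict(), "ts": _ts(m["ts"])})
    return events


def parse_ids(text):
    """Parse one-line IDS alerts into dicts with source, destination and port."""
    alerts = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if m:
            alerts.append({**m.groupdict(), "ts": _ts(m["ts"])})
    return alerts


def logs_only(events, threshold=3, window=timedelta(minutes=2)):
    """What host logs alone reveal: a burst of failures per source, and whether
    a successful login from the same source followed that burst."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e["outcome"] == "Failed"]
        if len(fails) < threshold or fails[-1]["ts"] - fails[0]["ts"] > window:
            continue
        last_fail = fails[-1]["ts"]
        success_after = any(e["outcome"] == "Accepted" and e["ts"] > last_fail for e in evs)
        findings[src] = {"failed_logins": len(fails), "success_after_failures": success_after}
    return findings


def correlate(events, alerts, window=timedelta(minutes=5)):
    """Join IDS alerts to the log findings by source address and time window, so each
    finding carries both what the host logged and what only the network sensor saw."""
    findings = logs_only(events)
    activity = defaultdict(list)
    for e in events:
        activity[e["src"]].append(e["ts"])
    for a in alerts:
        entry = findings.setdefault(a["src"], {"failed_logins": 0, "success_after_failures": False})
        near_logs = any(abs(a["ts"] - t) <= window for t in activity.get(a["src"], []))
        entry.setdefault("ids_context", []).append(
            {"msg": a["msg"], "dport": a["dport"], "near_host_logs": near_logs})
    for entry in findings.values():
        # Severity from log evidence alone, escalated when the IDS shows the same source
        # touching a service (here anything but sshd on port 22) that no host log records.
        sev = "medium" if entry["failed_logins"] else "low"
        if entry["success_after_failures"]:
            sev = "high"
        if any(c["dport"] != "22" for c in entry.get("ids_context", [])):
            sev = "high"
        entry["severity"] = sev
    return findings


if __name__ == "__main__":
    print("logs only:", logs_only(parse_auth(AUTH_LOG)))
    print("correlated:", correlate(parse_auth(AUTH_LOG), parse_ids(IDS_ALERTS)))
```

Run stand-alone, the first line shows that logs by themselves already flag 203.0.113.7 (three failures followed by an accepted password); the second line adds the IDS view, including a probe of the database port that left no trace in the host logs feeding the correlator. That second fact is the "additional view" the question asks about: a signature-based sensor sees traffic to services whose logs you do not collect, or that do not log at all.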

For more information:

  • A student from Royal Holloway University explains how machine learning can be harnessed to improve many aspects of information security including intrusion detection.
This was last published in October 2009.
