Is it enough to analyse log files, or is an IDS necessary?
The more network data you have to analyse, the better. In this expert response, Peter Wood explains what tools can provide the information you need.
Computer Weekly's Buyer's Guide to GDPR Part 2
In this 12-page buyer’s guide, we look at the tools that could be used for compliance, the incentive to create a smarter, leaner business, and the myths surrounding the new rules.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Is it enough to analyse log files or it is necessary (or beneficial) to have an IDS feed to SIM/SEM as well? Will correlated logs provide enough information to pinpoint a security issue or does signature-based IDS provide me with an additional view, which cannot be replaced with just logs?
In principle, the more data you have to analyse, the better. A good IDS can give you invaluable information about attack types and help put log entries into context. I recommend visiting the
SANS website for some excellent insight into this topic, especially its
Top 5 Essential Log Reports document.
A student from Royal Holloway University explains how machine learning can be harnessed to improve many aspects of information security including intrusion detection.
For more information:
This was last published in October 2009
Start the conversation
0 comments