Q

Is it enough to analyse log files, or is an IDS necessary?

The more network data you have to analyse, the better. In this expert response, Peter Wood explains what tools can provide the information you need.

Peter Wood

First Base Technologies LLP

Is it enough to analyse log files or it is necessary (or beneficial) to have an IDS feed to SIM/SEM as well? Will correlated logs provide enough information to pinpoint a security issue or does signature-based IDS provide me with an additional view, which cannot be replaced with just logs?

In principle, the more data you have to analyse, the better. A good IDS can give you invaluable information about attack types and help put log entries into context. I recommend visiting the SANS website for some excellent insight into this topic, especially its Top 5 Essential Log Reports document.

For more information:

A student from Royal Holloway University explains how machine learning can be harnessed to improve many aspects of information security including intrusion detection.

This was last published in October 2009

Related Q&A from Peter Wood

How to ensure secure email exchange with external business partners

When sensitive documents are frequently travelling back and forth between a company and its business partners, email security becomes very important.... Continue Reading

Alternatives to buying full-on network access control (NAC) systems

In this expert response, Peter Wood outlines some alternatives to NAC systems, and explains why, sometimes, NAC systems really are the best choice. Continue Reading

Database activity monitoring technology vs. SIEM tools

In this expert response, Peter Wood explains the difference between database activity monitoring systems and security information and event ... Continue Reading

Read more on Network security management

All
News
In Depth
Opinion

Latest News

Download Computer Weekly

In The Current Issue:
- Interview: John Seglias, chief digital information officer, Defra
- Interview: Matthew Gould, chief executive of NHSX, on transforming health service technology
- Choose tools to prevent communication overload
Download Current Issue

Latest Blog Posts

How long before the shareholders break up BT? – When IT Meets Politics
Code Club: four perspectives on Code Club and the tech pipeline – ITWorks
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

How edge computing differs from decentralized computing

Edge computing isn't about sticking servers and storage in a branch location. Learn the critical differences between edge and ...
Facebook's Libra project -- why enterprises should prepare

Facebook's foray into cryptocurrency is setting off alarm bells in government and finance circles. The question is how could the ...
Ransomware attacks: How to get the upper hand

Ransomware attacks are on the rise. Can organizations play like Radiohead and refuse to pay? The answer from security experts is ...

SearchSecurity

Enzoic for Active Directory brings continuous password protection

Updates to Enzoic for Active Directory include NIST-compliant Continuous Password Protection, checking passwords against a live ...
Understand the basics of email security gateways

Email security gateways protect enterprises from threats such as spam and phishing attacks. This article explains how these ...
CyberArk brings updates to privileged access security offering

CyberArk introduces CyberArk Alero to its privileged access management product lineup, in addition to other endpoint management ...

SearchNetworking

An introduction to smart NICs and their benefits

This introduction discusses how smart NICs work and how they can benefit data center servers. It also explores the smart NIC ...
What are the features and benefits of 5G technology for businesses?

In addition to high speeds and low latency, the emergence of 5G cellular technology could put some pressure on the market prices ...
Why did operator NFV adoption lag so much?

NFV adoption was hampered by high costs and deployment issues, according to one industry insider. Also, learn about the latest on...

SearchDataCenter

3 ways to benefit from open source infrastructure

Using open source infrastructure can reduce operating costs and streamline upgrades, but it's important to weigh the pros and ...
IBM mainframes face competitive pressures inside and out

IBM's mainframe business continues to be under pressure from cloud-based competitors, and perhaps even its own Power server. ...
Linux features beyond server management

Due to its open source nature, Linux is constantly gaining new capabilities. Here's a look at some common use cases and features.

SearchDataManagement

11 real-time data streaming roadblocks and how to overcome them

Experts detail common challenges that IT teams encounter when deploying and managing real-time data streaming platforms and offer...
Snowflake product VP expounds on data warehouse for the cloud

In this Q&A, Christian Kleinerman, vice president of product development at cloud data warehouse vendor Snowflake, talks about ...
RavenDB Cloud automates database management

RavenDB's managed cloud database service, RavenDB Cloud, intends to automate security processes, reduce overhead and cater to ...

Close