Q

Is it enough to analyse log files, or is an IDS necessary?

The more network data you have to analyse, the better. In this expert response, Peter Wood explains what tools can provide the information you need.

Peter Wood

By

Peter Wood, First Base Technologies LLP

Published: 29 Oct 2009

Is it enough to analyse log files or it is necessary (or beneficial) to have an IDS feed to SIM/SEM as well? Will correlated logs provide enough information to pinpoint a security issue or does signature-based IDS provide me with an additional view, which cannot be replaced with just logs?

In principle, the more data you have to analyse, the better. A good IDS can give you invaluable information about attack types and help put log entries into context. I recommend visiting the SANS website for some excellent insight into this topic, especially its Top 5 Essential Log Reports document.

For more information:

A student from Royal Holloway University explains how machine learning can be harnessed to improve many aspects of information security including intrusion detection.

Related Q&A from Peter Wood

How to ensure secure email exchange with external business partners

When sensitive documents are frequently travelling back and forth between a company and its business partners, email security becomes very important.... Continue Reading

Alternatives to buying full-on network access control (NAC) systems

In this expert response, Peter Wood outlines some alternatives to NAC systems, and explains why, sometimes, NAC systems really are the best choice. Continue Reading

Database activity monitoring technology vs. SIEM tools

In this expert response, Peter Wood explains the difference between database activity monitoring systems and security information and event ... Continue Reading

Read more on Network security management

All
News
In Depth
Opinion

Latest News

Download Computer Weekly

In The Current Issue:
- Disabled consumers left logged out of retail’s digital revolution
- Low-code and no-code development platforms
- How to break free from traditional desktop productivity
Download Current Issue

Latest Blog Posts

Wagestream gives staff alternative to payday lenders: Fintech interview 30 – Fintech makes the world go around
PDP gaming accessories, worth a shot (or two) – Inspect-a-Gadget
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Risk-based digital identity benefits CIOs, CMOs and customers

Asking customers to reaffirm their digital identities by sharing private information undermines CX and data security. Instead, ...
Agile practices endure and continue to adapt

As the 20th anniversary of the Agile Manifesto approaches, Agile practices remain vital to software development and are being ...
Mark Schwartz dives into risk management in War and Peace and IT

Get an inside look into Mark Schwartz's new book, War and Peace and IT, with a chapter excerpt on risk and opportunity, as...

SearchSecurity

How and why data breach lawsuits are settled

For all of the talk about data breach class action lawsuits, virtually none of them reach a courtroom. Here's why and how data ...
Application Guard to block malicious attachments in Office 365

Microsoft is bringing the Application Guard security container to Office 365 ProPlus this year, which could limit the threat of ...
A fresh look at enterprise firewall management

Enterprises need to know where and how to install firewalls for maximum protection. Find out firewall management best practices ...

SearchNetworking

Juniper taps Mist Systems for wired, wireless LAN analytics

Juniper Networks is using its Mist Systems acquisition to provide cloud-based analytics for a wired and wireless LAN built with ...
After a data breach occurs, follow this network security checklist

Before a network breach occurs, you should already have a response plan in place. To make sure you're taking a proactive approach...
Explore evolving network performance monitoring tools

The network performance monitoring market is changing to address the emergence of IoT and AI. Read more about the NPM market ...

SearchDataCenter

Microsoft quantum development turns toward hardware

Microsoft revealed plans to jump into the quantum hardware business with a chip capable of running quantum software.
Top 5 options for Linux certifications

Are you ready to expand your Linux knowledge? Here's a look at the latest courses, training content and exams available from ...
New hardware, use cases shape server benchmarking needs

Advancements in server hardware help admins address the latest data-intensive use cases. But this brings questions about the ...

SearchDataManagement

Managing unstructured data is crucial to enterprises' AI goals

Unstructured data makes up a huge portion of most businesses' data volume. But, with data-hungry AI systems coming online, making...
ScyllaDB set to improve NoSQL database performance

ScyllaDB has been helpful for big organizations such as Comcast, which was able to trim from nearly 1,000 database nodes to 78 ...
Translytical data platforms provide options to unify databases

Forrester identifies top vendors in the translytical database category and common elements that help make the unified database ...

Close