Q

Is it enough to analyse log files, or is an IDS necessary?

The more network data you have to analyse, the better. In this expert response, Peter Wood explains what tools can provide the information you need.

Peter Wood

First Base Technologies LLP
Published: 29 Oct 2009

Is it enough to analyse log files or it is necessary (or beneficial) to have an IDS feed to SIM/SEM as well? Will correlated logs provide enough information to pinpoint a security issue or does signature-based IDS provide me with an additional view, which cannot be replaced with just logs?

In principle, the more data you have to analyse, the better. A good IDS can give you invaluable information about attack types and help put log entries into context. I recommend visiting the SANS website for some excellent insight into this topic, especially its Top 5 Essential Log Reports document.

For more information:

A student from Royal Holloway University explains how machine learning can be harnessed to improve many aspects of information security including intrusion detection.

Related Q&A from Peter Wood

How to ensure secure email exchange with external business partners

When sensitive documents are frequently travelling back and forth between a company and its business partners, email security becomes very important.... Continue Reading

Alternatives to buying full-on network access control (NAC) systems

In this expert response, Peter Wood outlines some alternatives to NAC systems, and explains why, sometimes, NAC systems really are the best choice. Continue Reading

Database activity monitoring technology vs. SIEM tools

In this expert response, Peter Wood explains the difference between database activity monitoring systems and security information and event ... Continue Reading

Read more on Network security management

All
News
In Depth
Opinion

Latest News

Download Computer Weekly

In The Current Issue:
- CIO interview: Network Rail plans digital factory to accelerate modernisation
- What 5G applications will transform your business?
- Financial services and cloud: Delivering digital transformation in a highly regulated industry
Download Current Issue

Latest Blog Posts

Dynatrace: cloud is complex & convoluted, is AI the antidote? – CW Developer Network
To be strategic, IT companies must align with business strategy – Cliff Saran's Enterprise blog
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Home Depot CIO promotes in-house tech boot camp

For companies having trouble finding qualified IT professionals to hire, the solution may be closer than you think. Just ask Home...
CIO presentation to the board of directors: Candid tips from CIOs

Board presentations can be scary. The good news is CIOs can't go too wrong in a climate where boards are desperate to learn about...
Edge computing use cases must be driven by business value

For Schneider Electric and many other large enterprises that take a look at edge computing projects, the main criterion for ...

SearchSecurity

Broken WannaCry variants continuing to spread

Researchers are still seeing surprisingly high WannaCry detection rates and they worry this points to high risks because systems ...
Sinkholed Magecart domains resurrected for advertising schemes

Security vendor RiskIQ discovered several old Magecart domains that had been sinkholed were re-registered under new owners and ...
IT/OT convergence is necessary, desirable, but not so simple

A secure IT/OT convergence requires a strategy that takes into account compliance requirements and likely threats and recognizes ...

SearchNetworking

SD-WAN vs. VPN: How do they compare?

When it comes to comparing SD-WAN vs. VPN services, enterprises choosing between the technologies should consider factors like ...
How does 5G network slicing work, and what are the benefits?

5G network slicing promises the delivery of a new generation of high-speed services, including the transmission of 4K and ...
Cisco CCNA practice test: Try these 20 exam questions

Use this CCNA practice test as study material to prepare for the Cisco CCNA Routing and Switching 200-125 exam. With 20 questions...

SearchDataCenter

New Dell EPYC servers embrace AMD Rome chips

Dell EMC goes from Naples to Rome with a new line of EPYC servers, including Ready Solutions for high-performance computing and ...
Can next-gen SIEM help cybersecurity initiatives?

More organizations are using SIEM, AI and cloud technology to minimize security breaches. Though despite interest, this ...
IBM z15 mainframe secures data across multi-cloud environments

IBM unveiled the latest in its line of mainframes capable of processing 1 trillion web transactions a day. The IBM z15 ...

SearchDataManagement

Swim DataFabric platform helps to understand edge streaming data

Swim released its new Swim DataFabric, which integrates with Microsoft Azure to help users organize and gain insights from ...
Dremio Data Lake Engine 4.0 accelerates query performance

Dremio issues a new platform update, defining itself as data lake engine technology that looks to help users connect and query ...
Weighing the use of third-party database administration tools

Database expert Chris Foot details the key reasons why DBAs should consider using third-party database administration to fill ...

Close