Is it enough to analyse log files, or is it necessary (or beneficial) to have an IDS feed into a SIM/SEM as well? Will correlated logs provide enough information to pinpoint a security issue, or does a signature-based IDS provide me with an additional view, which cannot be replaced with just logs?
In principle, the more data you have to analyse, the better. A good IDS can give you invaluable information about attack types and help put log entries into context. I recommend visiting the
for some excellent insight into this topic, especially its Top 5 Essential Log Reports document.
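The point in the answer above is that an IDS alert puts log entries into context, while the logs show activity the IDS never flagged. The following is an added example, not code from the original answer or from any product: a small correlator that takes constructed web-server access log lines and a constructed IDS alert (a generic dict shape, not any IDS's native format) and, for each alert, pulls the log entries from the same source address within a time window. It also lists server errors that no alert explains, which is the part of the picture logs alone supply. The log lines, addresses and signature name are all made up for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not taken from any real system). Access log lines
# are in Common Log Format; the second line carries a crude SQL injection probe.
ACCESS_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /login.php?user=admin'+OR+'1'='1 HTTP/1.1" 500 512
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /products?id=42 HTTP/1.1" 200 1024
198.51.100.2 - - [10/Oct/2023:13:56:30 +0000] "GET /search?q=%27 HTTP/1.1" 500 300
203.0.113.7 - - [10/Oct/2023:13:57:10 +0000] "POST /admin/export HTTP/1.1" 200 98304
"""

# Constructed IDS alerts in a generic shape (assumed, not any product's format):
# ISO-8601 timestamp, source address, signature name.
IDS_ALERTS = [
    {"ts": "2023-10-10T13:55:40Z", "src": "203.0.113.7",
     "sig": "WEB SQL injection attempt in URI"},
]

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_access_log(text):
    """Parse CLF lines into dicts with a timezone-aware timestamp."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        entries.append({
            "src": m["src"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "req": m["req"],
            "status": int(m["status"]),
        })
    return entries


def parse_alert_ts(ts):
    """Accept a trailing 'Z' on older Python versions of fromisoformat."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def correlate(alerts, entries, window_seconds=120):
    """For each alert, collect log entries from the same source address
    within +/- window_seconds. Returns a list of (alert, matched_entries)."""
    window = timedelta(seconds=window_seconds)
    result = []
    for alert in alerts:
        at = parse_alert_ts(alert["ts"])
        matched = [e for e in entries
                   if e["src"] == alert["src"] and abs(e["ts"] - at) <= window]
        result.append((alert, matched))
    return result


def uncorrelated_errors(alerts, entries, window_seconds=120):
    """Server errors (5xx) with no alert from the same source in the window:
    activity the logs show but the IDS did not flag, so it needs a human look."""
    window = timedelta(seconds=window_seconds)
    alert_times = [(a["src"], parse_alert_ts(a["ts"])) for a in alerts]
    out = []
    for e in entries:
        if e["status"] < 500:
            continue
        covered = any(src == e["src"] and abs(e["ts"] - t) <= window
                      for src, t in alert_times)
        if not covered:
            out.append(e)
    return out


if __name__ == "__main__":
    entries = parse_access_log(ACCESS_LOG)
    for alert, matched in correlate(IDS_ALERTS, entries):
        print(f"[{alert['sig']}] from {alert['src']} at {alert['ts']}")
        for e in matched:
            print(f"    {e['ts'].isoformat()} {e['status']} {e['req']}")
    print("5xx responses with no IDS alert to explain them:")
    for e in uncorrelated_errors(IDS_ALERTS, entries):
        print(f"    {e['src']} {e['ts'].isoformat()} {e['status']} {e['req']}")
```

Run as-is, the single alert gathers all three requests from 203.0.113.7, so the 500 on the login page and the later large export are read together as one sequence rather than as isolated lines; the 500 from 198.51.100.2 shows up only in the uncorrelated list. The window size is the main tuning knob: too narrow and the follow-on activity after an alert drops out, too wide and unrelated traffic from busy addresses is swept in.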