Q

Is it enough to analyse log files, or is an IDS necessary?

The more network data you have to analyse, the better. In this expert response, Peter Wood explains what tools can provide the information you need.

Peter Wood

First Base Technologies LLP

Is it enough to analyse log files or it is necessary (or beneficial) to have an IDS feed to SIM/SEM as well? Will correlated logs provide enough information to pinpoint a security issue or does signature-based IDS provide me with an additional view, which cannot be replaced with just logs?

In principle, the more data you have to analyse, the better. A good IDS can give you invaluable information about attack types and help put log entries into context. I recommend visiting the SANS website for some excellent insight into this topic, especially its Top 5 Essential Log Reports document.

For more information:

A student from Royal Holloway University explains how machine learning can be harnessed to improve many aspects of information security including intrusion detection.

This was last published in October 2009

Related Q&A from Peter Wood

How to ensure secure email exchange with external business partners

When sensitive documents are frequently travelling back and forth between a company and its business partners, email security becomes very important.... Continue Reading

Alternatives to buying full-on network access control (NAC) systems

In this expert response, Peter Wood outlines some alternatives to NAC systems, and explains why, sometimes, NAC systems really are the best choice. Continue Reading

Database activity monitoring technology vs. SIEM tools

In this expert response, Peter Wood explains the difference between database activity monitoring systems and security information and event ... Continue Reading

Read more on Network security management

All
News
In Depth
Opinion

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Surveillance technology under fire, amid growing societal concerns

As San Francisco halts city use of facial recognition technology, CIOs could see more regulatory actions against surveillance ...
Deep learning pioneer Fei-Fei Li on the fundamentals of ethical AI

AI luminary Fei-Fei Li was among a group of distinguished AI researchers asked to share their thoughts on how to develop ethical ...
Andrew Ng's AI playbook for the enterprise: 6 must-dos

AI legend and online education pioneer Andrew Ng has developed an AI playbook for businesses. Here are six must-dos.

SearchSecurity

Microsoft bets on ElectionGuard SDK to fortify election security

Ahead of the 2020 elections, Microsoft unveiled ElectionGuard, an open source SDK designed to provide end-to-end verification of ...
10 ways to prevent computer security threats from insiders

Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent...
'BlueKeep' Windows Remote Desktop flaw gets PoC exploits

Multiple researchers created proof-of-concept exploits, including remote code execution attacks, targeting the recently patched ...

SearchNetworking

The status of white box networking in the enterprise

Despite the benefits of white box networking, most enterprises are cautious about deployment. Use these five questions to ...
Could open switches be a game-changer for your network?

Before selecting campus edge switches, consider evaluating open switches -- versus switches from a traditional vendor -- and ...
What do you know about the history of Wi-Fi?

If you ever wonder how Wi-Fi got to where it is today, this quiz takes you through the vast history of Wi-Fi, from the first ...

SearchDataCenter

How do I size a UPS unit?

Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...
How to enhance FTP server security

If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...
3 ways to approach cloud bursting

With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

The main picks for Hadoop distributions on the market

Check out the current top Hadoop distribution vendors in the market to help you determine which product is best for your company.
Inside view of Tibco integration architecture planning

Tibco's acquisitions of well-regarded, small software specialists such as SnappyData are part of a drive toward what it calls '...
Lumina launches Radiance, a data risk management platform

In an effort to prevent data loss, Lumina launched Radiance, a SaaS data risk management platform. It collects and analyzes data ...

Close