Reviewing Equipment System Logs - Do I have to?

Management Guidelines

Pete Boergermann - BankInfoSecurity.com Contributor

Gone are the days when we could just throw a hub on a closet shelf, run a few network cables, connect some PCs and a server to it and have a network. Logs? What logs? Why would we want to look at them?

Times have changed, and most devices connected to your network have logging capabilities. These devices can produce large amounts of valuable data, but that data can be overwhelming to manage. A new industry that creates technology to manage security event logs is just starting up. As this technology matures, we may end up with products that can correlate the data between devices and alert us to events on a global multi-device level. Maybe these new products will be able to learn and adapt to new event information, possibly make assessments based on trends, then send only the alerts that need to be acted upon.

Now that securing our networks is so important, we should be asking questions like:

“What do we log, and why?”

“How often do we need to look at the logs, and who should review them?”

Then reality hits and these comments come to mind…

“I really have other things I need to do.”

“Reviewing them is boring and time consuming.”

“I will get to them tomorrow.”