Ask The Security UK Expert: Questions & Answers

Is it enough to analyse log files, or is an IDS necessary?

EXPERT RESPONSE FROM: Peter Wood

QUESTION POSED ON: 14 October 2009
Is it enough to analyse log files, or is it necessary (or beneficial) to have an IDS feed to SIM/SEM as well? Will correlated logs provide enough information to pinpoint a security issue, or does signature-based IDS provide me with an additional view, which cannot be replaced with just logs?

In principle, the more data you have to analyse, the better. A good IDS can give you invaluable information about attack types and help put log entries into context. I recommend visiting the SANS website for some excellent insight into this topic, especially its Top 5 Essential Log Reports document.

For more information:

  • A student from Royal Holloway University explains how machine learning can be harnessed to improve many aspects of information security including intrusion detection.
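
As an added illustration of the point made in the answer above (this is not part of the expert's response or of the original page), the following Python example joins constructed IDS alerts to constructed web-server log lines by source address, destination host and time window, and also lists alerts that no log entry accounts for. The log format, alert format, addresses, signature IDs and function names are all assumptions made for the example.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%S"

# Constructed sample data (assumed formats, not from the original page).
LOG_LINES = [
    "2009-10-14T09:15:02 web01 httpd 203.0.113.7 GET /login.php 200",
    "2009-10-14T09:15:04 web01 httpd 203.0.113.7 GET /login.php?id=1 500",
    "2009-10-14T09:20:30 web01 httpd 198.51.100.23 GET /index.html 200",
]
IDS_ALERTS = [
    "2009-10-14T09:15:03 sid=1000001 src=203.0.113.7 dst=web01 msg=SQL injection attempt",
    "2009-10-14T09:30:00 sid=1000002 src=192.0.2.50 dst=db01 msg=Port scan",
]

def parse_log(line):
    # Assumed layout: timestamp host process source-ip request...
    ts, host, _proc, src, *_ = line.split()
    return {"ts": datetime.strptime(ts, FMT), "host": host, "src": src, "raw": line}

def parse_alert(line):
    # Assumed layout: timestamp key=value pairs, then free-text msg=...
    ts, rest = line.split(" ", 1)
    head, msg = rest.split(" msg=", 1)
    fields = dict(kv.split("=", 1) for kv in head.split())
    return {"ts": datetime.strptime(ts, FMT), "host": fields["dst"],
            "src": fields["src"], "sid": fields["sid"], "msg": msg}

def correlate(log_lines, alert_lines, window_s=5):
    """Return (log line, [alert msgs]) pairs plus alerts no log entry explains."""
    logs = [parse_log(l) for l in log_lines]
    alerts = [parse_alert(a) for a in alert_lines]
    window = timedelta(seconds=window_s)
    matched, enriched = set(), []
    for ev in logs:
        context = []
        for i, al in enumerate(alerts):
            same_flow = (al["src"], al["host"]) == (ev["src"], ev["host"])
            if same_flow and abs(al["ts"] - ev["ts"]) <= window:
                context.append(al["msg"])
                matched.add(i)
        enriched.append((ev["raw"], context))
    ids_only = [al["msg"] for i, al in enumerate(alerts) if i not in matched]
    return enriched, ids_only

if __name__ == "__main__":
    enriched, ids_only = correlate(LOG_LINES, IDS_ALERTS)
    for raw, context in enriched:
        print(raw, "|", ", ".join(context) or "no IDS context")
    print("IDS alerts with no matching log entry:", ids_only)
```

In this constructed data the two requests from 203.0.113.7 pick up the alert text as context, while the alert against db01 appears only in the IDS feed because no log line from that host was collected.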