Don't Ignore Lowly Log Analysis
Computerworld -
Ever take a look at the computer security hardware and software products available these days? The number of them is staggering. They promise to (and for the most part do) help keep your workstations and servers secure. Nonetheless, although these routers, firewalls and intrusion-detection and -prevention systems spit out valuable information in the form of log files, too many organizations ignore or discard those logs.
It's unfortunate that log analysis is often overlooked as a vital part of an enterprise's computer security. While organizations may spend piles of hard-earned revenue on the latest and greatest in hardware and software, they continue to ignore the logs generated by those products. Sadly, hidden within those logs are nuggets of information that can prove invaluable.
One reason companies ignore logs is that the tools and knowledge for making use of the information they provide are often not available or are considered too cumbersome. Some log outputs may be innocuous, while others are critical.
According to Marcus J. Ranum, co-creator of www.loganalysis.org and chief of security at Tenable Network Security Inc., "System logs are one of the great overlooked resources in computing today. Folks spend lots of money buying IDS but don't look at their firewall logs -- that's backwards! In fact, many organizations don't even turn on logging in their firewall (because of inaccurate concerns about 'performance'), which means they are losing an incredibly valuable resource."
It's not hard to see why security and network managers are apprehensive about logs. Log analysis can be a double-edged sword, mostly because it precludes security managers from ignoring certain security issues. To wit, "comparing firewall 'permit' logs with a blacklist of spyware sites can give a very illuminating -- or horrifying -- picture," according to Ranum.
Those in IT need to remember that logs aren't just security tools; they are also management and performance tools because they tell you if your link is reliable. Logs alert you if your system went down, then record when and for how long the interruption lasted. From a security standpoint, logs can tell you if your Internet link is largely used for file-sharing traffic or that more than three quarters of your desktops have been infected by spyware. These facts shed some light on the reasons behind avoiding log reviews. "If ignorance is bliss, actually looking at your logs may remove that bliss," says Ranum.
Vendors are noting this aversion to log analysis and are taking steps to reverse the trend. Currently, firewall vendors inundate users with the large volumes
Security
Additional Resources



White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

