Wednesday, November 29, 2006

Are YOU Ignoring Logs?

So, as I said, DarkReading published this fun list of commonly overlooked aspects of security and one of them is - surprise, surprise! - related to logging. The specific item is "Analyzing trends in security log files," but it applies in general to ignoring logs, at significant peril to your organization.

As usual, the log volume is called out as the primary reason for behaving stupidly ("In fact, most IT and security pros have so much log data that they typically only skim it, or ignore it altogether.") BTW, I am preparing a longer post to illustrate just how much data that can be...

At the same time, it is certainly nice that DarkReading chose to quote the experts in their piece :-) Even though their obsession with NBAD (in this context) is puzzling... They also seem genuinely confused about the relationship between SIEM/SIM, NBAD and log management.

Dr Anton Chuvakin