Ignore logs at your own peril!

by Anton Chuvakin

Related link: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1084856,0…



Here is a fun, but somewhat confused, piece on logs and audit trails. The key point of the paper is that if you are using a homegrown log collection and analysis solution, you need to consider a commercial one, i.e. a SIM product. You'd be better off! The paper also contains a disturbing quote from Stephen Northcutt of SANS: "For the smaller guys, it can be cheaper to pay the fine than pay for everything needed for full compliance." It is pretty bad if the cost of compliance is higher than the cost of non-compliance...