Tuesday, May 10, 2005

Enterprises take sloppy approach to logging

If a new report from the SANS Institute is any indication, enterprises are jeopardizing security by taking a sloppy approach to log keeping.

As a result, the report recommends some companies abandon home-grown logging systems in favor of commercial tools or simply outsource the task. "If you go into a room full of IT managers and ask how many are working on home-grown log solutions, half the room will raise their hands," the report (not surprisingly) states. "Why is that bad? Because the guy who writes it leaves and doesn't document what he did or leave instructions behind. Then the person who takes over can't figure out how to interpret the logs or what to do if there's a problem."

Security experts have long advised that a clear audit trail is necessary to track suspicious network activity and respond quickly to security incidents. The report agreed, and said companies that decide to take logging seriously should "buy a commercial tool and pray that it works" or "get help from an MSSP."

