Event log management and response might be one of the most neglected areas of security management. Many security managers rely on users or security bulletins from operating system and application vendors to decide when it's time to take action on a possible security compromise. By the time these announcements have hit the Internet, it's usually too late for administrators to react. Assets have already taken a hit, and damage has already been done.
This fact, by the way, is the number one reason you should have CSA installed on all your systems. Customers who had CSA deployed during all the largest attacks, including Code Red, Nimda, Sasser, and Slammer, suffered no downtime at all.
The problem to be solved in ...