Event Logging Best Practices
Event log management and response might be one of the most neglected areas of security management. Many security managers rely on users or security bulletins from operating system and application vendors to decide when it's time to take action on a possible security compromise. By the time these announcements have hit the Internet, it's usually too late for administrators to react. Assets have already taken a hit, and damage has already been done.
NOTE
This fact, by the way, is the number one reason you should have CSA installed on all your systems. Customers who had CSA deployed during all the largest attacks, including Code Red, Nimda, Sasser, and Slammer, suffered no downtime at all.
The problem to be solved in ...