"Monitoring" was not part of the equation and that's part of the problem. The implication in the cited article was that logs IN AND OF THEMSELVES result in better security. That's simply not true. Monitoring logs is better, but analysis and even reactive tools that make use of those logs is better. That improves security, but log files don't..
Absolutely agree that logs are an enabler of security. Either someone needs to look at them (analysis) or they need to be leveraged via third-party tools (if you're looking to do more real-time analysis or catch a breach in progress).
And very good point on the investigation aspect - I was thinking more external facing (breach) but there's also good for internal facing (infection/containment).
Absolutely agree that logs are an enabler of security. Either someone needs to look at them (analysis) or they need to be leveraged via third-party tools (if you're looking to do more real-time analysis or catch a breach in progress).
And very good point on the investigation aspect - I was thinking more external facing (breach) but there's also good for internal facing (infection/containment).