QOTD - Northcutt on Incident Response

The majority of security appliances report what happened, but not who was behind the activity, historical information about that system or similar events.
With log monitoring, nothing succeeds like success.
Logging, which is usually considered dull and boring work, becomes exciting. -- Stephen Northcutt, President of the SANS Technology Institute
Src: Whodunnit? | SearchSecurity.com

No comments: