Packets Matter is an op-ed series advocating the use of PCAP as the primary source of intelligence in enterprise network security. One of the common questions I hear at the vendor booths of cyber security conferences is, “Do you monitor logs?” If you work for a large enterprise, your network security team probably monitors logs for breaches and other incidents. Logs are often the first and only source of information available to incident responders. This is an unfortunate trend, because logs will rarely support an effective response to advanced persistent threats (APTs), such as the recently disrupted Chinese cyber espionage group, Axiom. Let’s take a look at three critical failures of logs in the network security process, and understand how a more advanced technology – packet capture (PCAP) – can shift the advantage from APTs to incident responders.