Event logs are the basic text of what happens in your corporate systems. So why do so many companies ignore them? The business equivalent to the personal -security sin of using the word “PASSWORD” as your password: Not collecting and reviewing the data from all your system logs. Chances are you’re not doing that. And you should feel guilty about it. But you can take some comfort in knowing you’re not alone. “Relatively few do it,” says Sherri Davidoff, co-author of the startlingly well-written new book Network Forensics: Tracking Hackers Through Cyberspace. “Mostly it’s companies in the financial sector which are at risk of losing money directly from being attacked.” The truth is most companies don’t know when they’ve been hacked. That’s not just Davidoff’s opinion. I’ve been told the same thing by folks in the security industry and in law enforcement. One agent from the FBI said he stopped counting the number of times he told IT execs about attacks that they knew nothing about. Why does this happen? Companies don’t regularly review their event logs to see what’s going on in their own systems. It astounds me that checking event logs is so uncommon. It’s kind of like checking to make sure you didn’t leave the key in your door lock, folks. You’re probably wagging your head in disbelief, too, because no CIO.com reader could be that clueless…could they? Just in case you decide to pass this post along to someone who works at one of those other companies, I will explain why event logs matter: They contain lots of info directly relating to your network, like DHCP lease histories and/or network stats. They include records of network activity including remote login histories. Because they have been transmitted over your network they create network activity. If you want to find anomalies or unauthorized/unexpected users, the information is all there in event logs. What is even more baffling about the fact that these logs so frequently go unreviewed is that companies don’t have to check logs manually. They don’t have to sort through all the different log formats to figure this stuff out. There are a lot of programs that will do all of this. All you have to do is read the report. “You want to make sure you’re not the lowest fruit on the tree; that you’re not the most vulnerable,” says Davidoff. “Fortunately or unfortunately, that’s not that hard to do.” PS: I read a lot of computer-related books. In most cases I would rather try to read machine code. That is why I have to point out that Network Forensics is actually well-written. It is a text book that you can read and really learn things from. You probably went to college, so I don’t have to tell you how rare that is. Related content opinion Why Bitcoins are Just as Viable as Any Other Currency The true value of any currency is a reflection of how much people believe it's worth, according to CIO blogger Constantine von Hoffman. But it's wise to remember just how fast beliefs can change. By Constantine von Hoffman Apr 15, 2013 4 mins Government Technology Industry opinion No Surprise: Docs Show Obama Administration Lying About Drones President Obama has repeatedly said drones would only be used against members of al Qaida and allied groups. However, leaked intelligence documents show the administration has been using them to settle political and tribal feuds for at least four yea By Constantine von Hoffman Apr 10, 2013 3 mins Regulation Government opinion How Big Data Can Quickly Become Big Garbage The bigger the data the bigger the chance of mistakes or inaccuracies. In that vein, a large database used by retailers to screen people accused of stealing from employers is identifying innocent people and could result in major lawsuits, according t By Constantine von Hoffman Apr 04, 2013 2 mins Big Data opinion Why Crazy Trumps Logic on the Internet The earth is flat. Vaccines cause autism. 9/11 was a government conspiracy. These are just a few of the many ideas that continue to find adherents online despite overwhelming proof that they're not based on fact. CIO.com blogger Constantine von By Constantine von Hoffman Apr 02, 2013 3 mins Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe