The Journal - a proposed syslog replacement
Posted Nov 22, 2011 20:27 UTC (Tue) by raven667
In reply to: The Journal - a proposed syslog replacement
Parent article: The Journal - a proposed syslog replacement
Wow, if only all of this energy were spent solving the real problem (how the attacker gets in) rather than the tangential problem (how do we know he got there), perhaps all of this would be rendered... moot?
If only the world were that simple. You are never going to be able to prevent a motivated attacker from getting into your system. That's not really practically possible; new vulnerabilities will be discovered at the same rate or faster than you can plug them. What you can do, and what is a better use of resources, is a strong audit capability so that you can throw the bums out as soon as they get in, hopefully before they can cause serious damage. Not that you shouldn't patch as well, but all the patching in the world will never be enough.
The world is a harsh place; you can't prevent all bad things from happening all the time, but you can respond quickly with strength and resilience when they do.