Many companies mistakenly assume that unauthorized access is an external threat only. The majority of corporate security threats actually stem from internal sources, against which a firewall offers no protection.
A good security strategy includes real-time monitoring for critical security events and periodic analysis of your systems' security logs so that you can detect and respond quickly to an attack. In fact, when reviewing the general controls of a corporation, public auditors and regulatory agencies define security log monitoring as a necessary best practice and a part of performing due diligence.
To monitor event logs effectively, you need an automated way to back up and clear the event logs network-wide and to archive them in a central database. This archiving needs to be done with some intelligence: noise has to be removed and a sensible description added. Without doing this, you will suffer from the following limitations:
Windows NT/2000/XP/2003 logs a large proportion of unimportant events, such as workstations polling a domain controller for Group Policy updates. This makes analysis of the data without prior archiving and cleaning difficult to impossible.
Security incidents result in loss of operations, business, customers and revenue. Recovery is often a time-consuming and expensive process. GFI EventsManager™ offers a 24/7 real-time intrusion detection and alerting system and an early warning signal to enable intrusion countermeasures. It also provides extensive rules to detect insider attacks.