After a required level of information security has been achieved,
the system must be monitored to confirm that this level is being
maintained. Security products, from firewalls to intrusion detection
systems, generate log files that must be reviewed at regular
intervals. Log files may also contain information critical to
incident investigations, and proper review will identify incidents
that would otherwise go undetected.

Customer: A Large American Utility Company

Services: Log Review

Problem: As part of an incident investigation, we reviewed the logs
from a large number of computers, covering months of use.

Solution: An ESTec consultant reviewed the log files, looking both
for evidence of a specific event and, more generally, for any unusual
events. The evidence pinpointed an individual who had been involved
in causing an unauthorized computer shutdown at the utility. In
addition, we found evidence of an impending hardware failure, which
would have resulted in a loss of valuable information.

Results: The utility was able to discipline the malicious user and
also avoided an impending crash.
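An added example, not ESTec's tooling and not the logs from this engagement, of the automated first pass such a review can start from: it scans constructed syslog-style lines for shutdowns that violate an assumed site policy (approved accounts and a maintenance window) and for kernel and smartd messages that point to failing storage, the two kinds of finding the case study describes.

```python
import re
from collections import defaultdict

# Constructed sample syslog-style lines; hosts, users and sector numbers are invented.
SAMPLE_LOG = """\
Mar 03 02:14:07 scada-hist01 shutdown[4412]: shutting down for system halt (user jsmith)
Mar 03 02:14:09 scada-hist01 init: Switching to runlevel: 0
Mar 05 22:01:33 hist-db02 kernel: sd 0:0:1:0: [sdb] Unrecovered read error - auto reallocate failed
Mar 05 22:01:33 hist-db02 kernel: end_request: I/O error, dev sdb, sector 9182744
Mar 06 09:30:12 ops-ws07 sshd[2210]: Accepted password for mlee from 10.20.30.40 port 51022 ssh2
Mar 07 01:00:02 hist-db02 smartd[861]: Device: /dev/sdb, 12 Currently unreadable (pending) sectors
Mar 09 23:58:41 scada-hist01 shutdown[5120]: shutting down for system reboot (user opsadmin)
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<hh>\d\d):(?P<mm>\d\d):(?P<ss>\d\d) "
    r"(?P<host>\S+) (?P<prog>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SHUTDOWN_RE = re.compile(r"shutting down for system (?P<kind>halt|reboot) \(user (?P<user>\S+)\)")
# Message fragments taken, for this example, as signs of failing storage.
HW_PATTERNS = ("I/O error", "Unrecovered read error", "unreadable (pending) sectors")

# Assumed site policy: only these accounts may shut systems down, and only 22:00-06:00.
APPROVED_SHUTDOWN_USERS = {"opsadmin"}
MAINTENANCE_HOURS = set(range(22, 24)) | set(range(0, 6))


def review(log_text, approved=APPROVED_SHUTDOWN_USERS, window=MAINTENANCE_HOURS):
    """Return shutdowns that violate policy and a per-host count of storage warnings."""
    findings = {"unauthorized_shutdowns": [], "hardware_warnings": defaultdict(int)}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # in a real review, unparseable lines are themselves worth listing
        host, prog, msg, hour = m["host"], m["prog"], m["msg"], int(m["hh"])
        stamp = f"{m['mon']} {m['day']} {m['hh']}:{m['mm']}:{m['ss']}"
        if prog == "shutdown":
            s = SHUTDOWN_RE.search(msg)
            if s and (s["user"] not in approved or hour not in window):
                findings["unauthorized_shutdowns"].append((stamp, host, s["user"], s["kind"]))
        elif prog in ("kernel", "smartd") and any(p in msg for p in HW_PATTERNS):
            findings["hardware_warnings"][host] += 1
    findings["hardware_warnings"] = dict(findings["hardware_warnings"])
    return findings


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key, value)
```

The opsadmin reboot passes because it matches both the approved account and the window; the jsmith halt is flagged on the account alone, and hist-db02 accumulates three storage warnings that warrant a backup check before the disk is lost.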