Roger Grimes made this remark on InfoWorld when he commented on the 2012 Verizon Data Breach Investigations Report that was released last week. What he said was: "You should enable event log monitoring on all managed workstations and servers. Don't make the mistake of only monitoring servers -- 99 percent of the malicious action begins on a regular end-user's workstation before it spreads to the servers holding the data. Often, by the time attackers reach the servers, they are operating with an elevated end-user's credentials, and event log monitoring becomes much tougher." This is a warmly recommended article called: "What to monitor to stop hacker and malware attacks".
Cancel
