After achieving a required level of information security, it is necessary to monitor the system's performance to ascertain whether that degree of safety is being maintained. Security products, from firewalls to intrusion detection systems, generate log files that must be reviewed at regular intervals. Log files may also contain information critical to incident investigations, and proper review will identify incidents that have occurred without other detection.

Sample Case

Customer: A Large American Utility Company
Services: Log Review
Problem: As part of an incident investigation, we reviewed the logs from a large number of computers, covering months of use.
Solution: An ESTec consultant reviewed the log files looking for evidence of a specific event, and generally for unusual events in the log file. Evidence pinpointed an individual who had been involved in causing an unauthorized computer shutdown at the utility. In addition, we found evidence of an impending hardware failure, which would have resulted in a loss of valuable information.
Results: The utility was able to discipline a malicious user and it also avoided an oncoming crash.