Businesses warned to check security logs

Mechanisms used by companies for detecting potential attacks against their systems and reporting the evidence to the authorities have some serious flaws, according to security experts.

Speaking in London on Thursday, Symantec's European director of security practice, William Beer, said that, while many companies have invested in security products, they are often not maximising the potential benefits by following best practice.

"There's not enough being done to take advantage of investments in security software," Beer said. "You might have IPS [intrusion prevention systems] in a DMZ [demilitarised zone] or managed network, but are you looking at the logs? It's an administrative problem."

Most security systems log records of attempted intrusions or probes, but, if this information is not regularly checked, then companies are only seeing half the picture as far as their corporate security is concerned.

Beer said that, while he has spoken to some Symantec customers who scrutinise log data once a week or once a month, this is often not enough.

"How do you know the [security] system is operating correctly for your environment?" Beer said.

Despite Symantec's concerns, Cambridge University computer security expert Richard Clayton said a more pressing concern for businesses is making sure patches are managed correctly, and that users are educated about security issues.

"Top of the list [in security admin]: apply patches, since malware like MPack [a PHP-based malware kit] attacks in eight different ways," said Clayton.

"With virus checkers, frankly most of the stuff out there [on the Web] antivirus vendors like Symantec won't pick up at the point you see it. Businesses still use virus checkers and get screwed over -- there's a new attack and employees are clicking on links because they've not been told not to."

However, even when companies do check computer logs and find something suspicious, there is a lack of police contacts to report any suspicious findings to, according to one telecommunications technical director.

"We don't have anyone to report log data to in this country," said Alex Nikolov, technical director for VoIP company Sipera. "Where do you pass that data?"