Where there are logs, there is usually an overwhelming amount of log data. This makes it hard for an organization to spot security problems. How do you find the one packet among millions that indicates someone is sending proprietary information out of the enterprise?
Let’s illustrate, through a series of screenshots, how it is possible to drill down to that single suspect packet. As an example interface, we’ll use NetIQ’s Security Manager v6.0 to demonstrate the filtering process. You can read more in my tip published on SearchSecurity.com.