Overall, "that is really not very much time spent getting familiar with logs," the SANS report states. "Given the advanced threats they are struggling with, we would have expected the time organizations spend on log analysis to increase, not decrease. We cannot stress enough that the best way for organizations to quickly detect abnormalities is to gain understanding of their baseline or 'normal' activity by reviewing/analyzing log data on a regular basis."
The SANS report points out that "SIEM-type tools, including log management tools with analysis and reporting options, will help organize and identify patterns and activities that are generally recognized as indicators of problems. Yet, 58 percent of organizations are not anywhere close to that level of automation."
At the same time, the SANS report emphasized that automated tools cannot be viewed as a complete substitute for log analysts, who develop a "sixth sense" for traffic anomalies and security problems because they spend some time every day looking at log data.
When it came to defining difficulties, detecting so-called "advanced persistent threat" (APT) attacks, the term for stealthy intrusions into a network aimed at stealing sensitive information, ranked as the toughest problem, according to the survey: 85 percent of respondents reported it as an issue this year, compared with 65 percent last year.
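The baselining approach the report recommends, shown as an added illustration that is not part of the article or of the SANS report: the script below builds a per-day baseline of failed SSH logins from constructed sample syslog lines, flags a later day that deviates from that baseline, and applies one SIEM-style rule for a pattern generally recognized as an indicator of trouble (many failures from a single source followed by a successful login). The log lines, the thresholds and the function names are all assumptions made for this example.

```python
"""Baseline-and-deviation detection over constructed sshd log lines (added example)."""
import re
import statistics
from collections import Counter

# Constructed sample logs, not from the article. Days 1-5 are "normal"; day 6
# holds a burst of failures from one outside address followed by a success.
SAMPLE_LOGS = """\
Mar 01 08:01:10 web1 sshd[1201]: Failed password for alice from 10.0.0.5 port 40122 ssh2
Mar 01 08:02:33 web1 sshd[1203]: Accepted password for alice from 10.0.0.5 port 40130 ssh2
Mar 02 09:11:02 web1 sshd[1311]: Failed password for bob from 10.0.0.7 port 41002 ssh2
Mar 02 09:11:40 web1 sshd[1312]: Accepted password for bob from 10.0.0.7 port 41010 ssh2
Mar 03 10:00:00 web1 sshd[1401]: Failed password for invalid user test from 10.0.0.9 port 42000 ssh2
Mar 03 10:00:05 web1 sshd[1402]: Failed password for alice from 10.0.0.5 port 42011 ssh2
Mar 04 07:30:00 web1 sshd[1501]: Failed password for alice from 10.0.0.5 port 43000 ssh2
Mar 05 11:20:00 web1 sshd[1601]: Failed password for bob from 10.0.0.7 port 44000 ssh2
Mar 05 11:21:00 web1 sshd[1602]: Failed password for bob from 10.0.0.7 port 44001 ssh2
Mar 06 02:00:00 web1 sshd[1701]: Failed password for root from 203.0.113.44 port 50000 ssh2
Mar 06 02:00:01 web1 sshd[1702]: Failed password for root from 203.0.113.44 port 50001 ssh2
Mar 06 02:00:02 web1 sshd[1703]: Failed password for root from 203.0.113.44 port 50002 ssh2
Mar 06 02:00:03 web1 sshd[1704]: Failed password for root from 203.0.113.44 port 50003 ssh2
Mar 06 02:00:04 web1 sshd[1705]: Failed password for root from 203.0.113.44 port 50004 ssh2
Mar 06 02:00:05 web1 sshd[1706]: Failed password for root from 203.0.113.44 port 50005 ssh2
Mar 06 02:00:06 web1 sshd[1707]: Failed password for root from 203.0.113.44 port 50006 ssh2
Mar 06 02:00:07 web1 sshd[1708]: Failed password for root from 203.0.113.44 port 50007 ssh2
Mar 06 02:00:08 web1 sshd[1709]: Accepted password for root from 203.0.113.44 port 50008 ssh2
"""

# Matches the OpenSSH password-auth message format; other lines are ignored.
LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_logs(text):
    """Turn raw sshd lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_anomalous_days(text, baseline_days=5, factor=3.0, min_margin=2):
    """Flag days whose failed-login count sits well above the learned baseline.

    The first `baseline_days` distinct days in the log define "normal"; a later
    day is flagged when its failure count exceeds mean + max(factor*sd, min_margin).
    """
    events = parse_logs(text)
    fails = Counter(e["day"] for e in events if e["result"] == "Failed")
    days = list(dict.fromkeys(e["day"] for e in events))  # chronological, deduped
    base = [fails[d] for d in days[:baseline_days]]
    mean = statistics.mean(base)
    sd = statistics.pstdev(base)
    # A fixed minimum margin keeps a very flat baseline (sd near zero) from
    # flagging every one-off extra failure as an anomaly.
    threshold = mean + max(factor * sd, min_margin)
    return [(d, fails[d]) for d in days[baseline_days:] if fails[d] > threshold]


def brute_force_successes(text, min_failures=5):
    """SIEM-style indicator rule: N+ consecutive failures from one IP, then a success."""
    streak = Counter()
    hits = []
    for e in parse_logs(text):
        if e["result"] == "Failed":
            streak[e["ip"]] += 1
        else:
            if streak[e["ip"]] >= min_failures:
                hits.append({"ip": e["ip"], "user": e["user"], "failures": streak[e["ip"]]})
            streak[e["ip"]] = 0  # a success ends the streak either way
    return hits


if __name__ == "__main__":
    print("days above baseline:", detect_anomalous_days(SAMPLE_LOGS))
    print("brute-force successes:", brute_force_successes(SAMPLE_LOGS))
```

The two functions correspond to the two points the report makes: the baseline check only knows what "normal" looks like because earlier days were reviewed, so it cannot run before that history exists, while the indicator rule encodes a pattern an analyst already recognizes and fires on the first day it appears.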
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.