It doesn't seem like the author has much experience with security, which is what you'd expect from a technical marketing manager - it sounds reasonable but the real goal is convincing you to buy Ronco spray-on-security appliances.
Log files have never been intended as a security measure in the same way as a firewall, but it's naive to claim that they don't improve security. The concept the author is missing is that security is a process, not a software feature. Log files address several key parts of the security process:
1. Damage containment: if someone does compromise a system, logs are your way to catch that as early as possible - the difference between, say, someone at your bank getting malware and their authorization credentials being stolen. Identifying failures can be done close to real-time so it's realistic to be able to do things like quarantine desktops which suddenly start acting like botnet nodes.
2. Verifying normal functionality: things like security updates being installed and services restarted, whether your admins are following correct policy, etc. This stuff matters a lot in any large-scale environment and while you can get a lot using a security scanner, logging is faster, safer and easier in many situations.
3. Identifying anomalous behaviour: the classic example is adding firewall rules to drop traffic from hosts which attempt noisy attacks but this can also apply to things like banks notifying their customers that their browser is outdated, showing signs of being compromised, etc. Having actual data makes many security decisions a LOT easier.
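The "noisy attack" case from point 3 (and the near-real-time detection from point 1) is easy to make concrete. The following is an added example, not code from the commenter or from any product mentioned in the thread: it parses a few constructed sshd-style auth.log lines, counts failed logins per source address inside a sliding time window, and emits a drop rule for any source that crosses the threshold. The log lines, the year assumed for the syslog timestamps, and the threshold/window values are all made up for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in sshd/auth.log style; these are documentation IPs, not real hosts.
SAMPLE_LOG = """\
Mar 12 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Mar 12 10:00:03 web1 sshd[2103]: Failed password for root from 203.0.113.45 port 51130 ssh2
Mar 12 10:00:04 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.45 port 51131 ssh2
Mar 12 10:00:06 web1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.45 port 51140 ssh2
Mar 12 10:00:07 web1 sshd[2109]: Failed password for invalid user git from 203.0.113.45 port 51142 ssh2
Mar 12 10:00:09 web1 sshd[2111]: Accepted publickey for deploy from 198.51.100.7 port 40210 ssh2
Mar 12 10:01:15 web1 sshd[2120]: Failed password for alice from 198.51.100.22 port 40300 ssh2
Mar 12 10:01:40 web1 sshd[2122]: Accepted password for alice from 198.51.100.22 port 40301 ssh2
Mar 12 10:09:00 web1 sshd[2130]: Failed password for invalid user admin from 192.0.2.9 port 33001 ssh2
Mar 12 10:19:00 web1 sshd[2132]: Failed password for invalid user admin from 192.0.2.9 port 33002 ssh2
Mar 12 10:29:00 web1 sshd[2134]: Failed password for invalid user admin from 192.0.2.9 port 33003 ssh2
Mar 12 10:39:00 web1 sshd[2136]: Failed password for invalid user admin from 192.0.2.9 port 33004 ssh2
Mar 12 10:49:00 web1 sshd[2138]: Failed password for invalid user admin from 192.0.2.9 port 33005 ssh2
"""

# Matches the sshd "Failed/Accepted <method> for [invalid user] <user> from <src> port <n>" shape.
LOG_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

ASSUMED_YEAR = 2024  # syslog timestamps carry no year; assumption for the constructed sample


def parse_line(line):
    """Return a dict with ts/result/user/src for one sshd line, or None if it doesn't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(
        f"{ASSUMED_YEAR} {m['mon']} {int(m['day'])} {m['time']}", "%Y %b %d %H:%M:%S"
    )
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def parse_log(text):
    """Parse all recognisable lines, silently skipping anything that isn't an sshd auth event."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def detect_brute_force(events, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failed logins inside any window_seconds span.

    Uses a per-source deque as a sliding window so it can run incrementally on a
    live tail. Returns {src: {"failures": n, "flagged_at": iso_timestamp}} for the
    moment each source first crossed the threshold.
    """
    recent = defaultdict(deque)
    flagged = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "Failed":
            continue  # successes are useful elsewhere but don't feed this detector
        q = recent[ev["src"]]
        q.append(ev["ts"])
        # Drop failures that have aged out of the window.
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in flagged:
            flagged[ev["src"]] = {"failures": len(q), "flagged_at": ev["ts"].isoformat()}
    return flagged


def block_rules(flagged):
    """Render one iptables DROP rule per flagged source; the operator decides whether to apply."""
    return [f"iptables -A INPUT -s {src} -j DROP" for src in sorted(flagged)]


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    hits = detect_brute_force(events)
    for src, info in hits.items():
        print(f"{src}: {info['failures']} failures, flagged at {info['flagged_at']}")
    for rule in block_rules(hits):
        print(rule)
```

With the default 60-second window only 203.0.113.45 is flagged: the five failures from 192.0.2.9 are ten minutes apart and age out of the window one by one, and alice's single typo followed by a successful login never approaches the threshold. Widening the window to an hour catches the slow source too, which is the trade-off the comment is pointing at: the data is in the logs either way, the question is how you tune what you act on.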