NSA releases event logging best practices

To help owners and operators of national security systems, the Department of Defense, and the Defense Industrial Base protect against malicious actors using living off the land (LOTL) techniques, the National Security Agency (NSA) is joining the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC) and international co-authors in releasing “Best Practices for Event Logging and Threat Detection,” a Cybersecurity Information Sheet (CSI), the NSA announced August 21.

The publication details best practices for event logging and threat detection in cloud services, enterprise networks, mobile devices, and operational technology (OT) networks to ensure continued delivery of critical systems. The guidance is for senior information technology (IT) decision makers, operational technology (OT) operators, network administrators, and network operators.

“It is essential for organizations to strengthen their resilience against living off the land techniques that are pervading today’s cyber threat environment,” said Dave Luber, NSA cybersecurity director. “Implementing and maintaining an effective event logging solution improves the security and resilience of systems by enabling network visibility and quicker incident response.”

The CSI follows the February 2024 joint-sealed Cybersecurity Technical Report (CTR), “Identifying and Mitigating Living off the Land Techniques,” which sheds light on LOTL techniques and how to identify and protect against advanced persistent threats (APTs) using these techniques.

This publication details four key factors to consider when pursuing logging best practices – enterprise approved logging policy; centralized log access and correlation; secure storage and log integrity; and detection strategy for relevant threats.

Other allies joining ASD ACSC and NSA on the release are the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Department of Justice (DOJ), the Canadian Center for Cyber Security (CCCS), the New Zealand National Cyber Security Center (NCSC-NZ) and CERT NZ, Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and JPCERT/CC, the Republic of Korea National Intelligence Services (NIS) and NIS’s National Cyber Security Center (NCSC-Korea), and the Singapore Cyber Security Center (CSA).

Source: NSA

IC News delivers the situational awareness you need to get ahead and stay ahead in the IC contracting space.