To remain competitive in the digital age, organizations frequently introduce new hardware devices and software installations to their IT environments. The problem is that these assets may carry vulnerabilities which, if left unpatched, attackers could exploit to change a device’s configuration or to make unauthorized modifications to some of the organization’s important files.

Either of these scenarios could help threat actors to establish an initial foothold on the network, access which they could then leverage to move laterally to other systems, exfiltrate important data, and overall cause additional harm.

Companies can leverage security configuration management (SCM) and file integrity monitoring (FIM) to address some of these risks and to reduce their attack surface. However, organizations cannot hope to adequately secure their infrastructure unless they have an accurate idea of what is happening in their environment.

To achieve that level of visibility, they must turn to log management.

Understanding the Basics

Here’s a high-level overview of how logs work. Each event in a network generates data, and that data makes its way into logs: records produced by operating systems, applications, and network devices. Logs are crucial to security visibility. If organizations fail to collect, store, and analyze those records, they leave themselves open to digital attacks.
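As an added illustration of the collect, store, and analyze steps described above (this is example code, not code from the original article or from CIS), the script below normalizes a handful of constructed syslog-style lines into records, keeps the parsable ones, and runs two simple analyses over them: a burst of failed logins from one source followed by a successful login on the same host, and a file-modification event of the kind a FIM tool would report. The hostnames, addresses, users, and the `fim` process name are all invented for the example.

```python
"""Added example (not from the original article): a minimal log pipeline that
collects, normalises, stores and analyses a few CONSTRUCTED syslog-style lines
to show the visibility that log management provides. All hostnames, IP
addresses, users and the 'fim' process name are made up for this example."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records: one host sees a burst of failed SSH logins from a
# single source address followed by a success; another host sees a lone failure
# and then a normal key-based login; finally a config file is reported modified.
SAMPLE_LOGS = """\
2024-03-01T08:00:01Z web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-03-01T08:00:03Z web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
2024-03-01T08:00:04Z web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51024 ssh2
2024-03-01T08:00:06Z web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51025 ssh2
2024-03-01T08:00:07Z web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51026 ssh2
2024-03-01T08:00:09Z web01 sshd[1201]: Accepted password for root from 203.0.113.7 port 51027 ssh2
2024-03-01T08:05:00Z db01 sshd[3310]: Failed password for alice from 198.51.100.20 port 40010 ssh2
2024-03-01T08:05:30Z db01 sshd[3310]: Accepted publickey for alice from 198.51.100.20 port 40011 ssh2
2024-03-01T08:07:12Z web01 fim[77]: File /etc/ssh/sshd_config modified (hash mismatch)
"""

# Assumed line layout: "<ISO timestamp> <host> <process>[<pid>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SSH_RE = re.compile(r"^(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
                    r"(?P<user>\S+) from (?P<src>\S+) port \d+")
FIM_RE = re.compile(r"^File (?P<path>\S+) modified")


def parse_line(line):
    """Normalise one raw line into a dict; return None for lines we cannot parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["pid"] = int(rec["pid"])
    rec["event"] = "other"
    if rec["proc"] == "sshd":
        s = SSH_RE.match(rec["msg"])
        if s:
            rec["event"] = "auth_" + s["outcome"].lower()  # auth_failed / auth_accepted
            rec["user"], rec["src"] = s["user"], s["src"]
    elif rec["proc"] == "fim":  # hypothetical file-integrity agent
        f = FIM_RE.match(rec["msg"])
        if f:
            rec["event"] = "file_modified"
            rec["path"] = f["path"]
    return rec


def collect(text):
    """Collect/store step: every parsable line becomes a normalised record."""
    records = (parse_line(line) for line in text.splitlines() if line.strip())
    return [r for r in records if r is not None]


def failed_then_success(records, threshold=3, window_seconds=300):
    """Analysis 1: flag (host, source) pairs where at least `threshold` failed
    logins are followed by an accepted login within `window_seconds` of the
    first failure. An accepted login without such a burst resets the count."""
    by_pair = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["event"].startswith("auth_"):
            by_pair[(r["host"], r["src"])].append(r)
    hits = []
    for (host, src), events in by_pair.items():
        failures = []
        for e in events:
            if e["event"] == "auth_failed":
                failures.append(e)
            elif e["event"] == "auth_accepted" and len(failures) >= threshold:
                elapsed = (e["ts"] - failures[0]["ts"]).total_seconds()
                if elapsed <= window_seconds:
                    hits.append({"host": host, "src": src, "user": e["user"],
                                 "failures": len(failures), "seconds": elapsed})
                failures = []
            else:
                failures = []
    return hits


def modified_files(records):
    """Analysis 2: list every file-modification event with its host and time."""
    return [(r["host"], r["path"], r["ts"].isoformat())
            for r in records if r["event"] == "file_modified"]


def analyse(text):
    """Run the whole pipeline over raw log text and return a summary."""
    records = collect(text)
    return {"records": len(records),
            "suspicious_logins": failed_then_success(records),
            "modified_files": modified_files(records)}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOGS).items():
        print(key, value)
```

Both detections only work because the raw lines were retained and normalized first: the login burst is invisible in any single line, and the file change is only meaningful once it can be correlated with the login that preceded it on the same host. The thresholds and the time window are parameters a practitioner would tune to their own environment.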

The Center for Internet Security (CIS) agrees with this sentiment. That explains why the non-profit entity included log management in Version 8 of its Critical Security Controls (CSC). It also explains why CIS placed three of the 12 Safeguards associated with CIS Control 8 (Audit Log Management) in its first Implementation Group (IG1), a prioritization tier through which organizations can achieve basic cyber hygiene.

Organizations put their threat detection efforts at risk if they don’t invest in log management. As an example, here is how CIS puts the threat of insufficient log management into