How do you detect if you’re breached? How can you determine what steps the attacker took to penetrate your system?
Without sufficient logging and monitoring, you can’t detect breaches. Logging and monitoring give you an opportunity to stop an attacker in their tracks. Telemetry, logging, and monitoring enables digital forensics and post-mortem after a breach. Logging and monitoring are essential components in ensuring that you can detect any suspicious activity in close to real time, or diagnosed after the fact.
More importantly, collecting this data is useless without actively reviewing it or having alerting rules in place.
Make sure to sanitize the data to prevent from over-logging or storing sensitive information as logs.
Establish effective monitoring and alerting mechanisms. Ensure that sign in and access-control failures are logged with sufficient user context for identifying suspicious or malicious accounts. Take advantage of different logging levels (Info, Warning, Error, and so on) and log destinations. Avoid server-side error details from ever reaching client side, which can result in leaking your system’s implementation details.
isaca certification training courses malaysia
Leave a Reply