What is threat detection? Threat detection is a key practice in information security. Identifying threats and detecting them in time helps to ensure enterprise security. If a threat is detected, then mitigation efforts must be enacted to properly neutralize the threat before it can exploit… Read More »Threat Intel – a Crucial Part of Cybersecurity
The approaching Easter holidays can bring a cyber security risk to businesses. The shortage of staff creates an urgency for organizations to have cyber security plans. For example, in 2021, the planned Kaseya ransomware attack happened on the 4th of July. Russian hackers knew there… Read More »Cyber Security Tips for the Easter Holidays
GDPR enforcement (and therefore fines) has been on the rise recently. And after the initial “compliance on paper” that many consultants offered, it’s time to address the cybersecurity aspects underlying GDPR. We have previously addressed the logging requirements of GDPR and now we are going… Read More »The Importance Of Security Logs For GDPR Compliance
Logs in the IT context are pieces of evidence, automatically generated and time-stamped when a certain event happens. All information systems produce some kind of logs. For the security and compliance teams, the most common usage of logs is detecting anomalous activities, validating a… Read More »Log Analytics for Business Process Management
VPN in Time of Pandemic: Best Practices. In the times of the COVID-19 crisis, many employees are working from home. The general best practice is to allow them to connect to the corporate network through VPN. That is important for the security of the organization… Read More »VPN Logs: Best Practices of Monitoring and Detecting Anomalies
Log Integrity Capabilities of SIEMs. Log integrity and non-repudiation are key properties of audit logs. As SIEMs are usually the way to collect audit logs (among many other things) in large organizations, we have to make sure they give us those properties. We have discussed previously that it’s not… Read More »Log Integrity: How SIEMs Address the Issue and Is It Enough?
Logs are ubiquitous in IT – they are semi-structured pieces of information about the behavior of a system and its users. Many standards, regulations and best practices assume and require the existence of logs. Consequently, many systems collect those logs and make use of them for… Read More »Log Collectors Landscape: SIEM, Log Collectors, UEBA, and Audit Trail
It is for a good reason that “integrity” is one of the three main aspects of information security. Lack of data integrity can be a serious issue in many cases, as we have already discussed in our post “3 Reasons Not to Ignore Data Integrity”.… Read More »Does Your SIEM Guarantee Log Integrity? And Does It Make You Compliant?
Most large enterprises are using SAP’s ERP system. And the larger the enterprise is, the more compliance requirements it has to cover. This means, in part, that it’s vital to have the SAP Security Audit Log enabled, properly configured, and properly protected. What is SAP Security… Read More »How to Protect Your SAP Audit Logs
Non-repudiation is a key property in many contexts – it means that the author of some message cannot deny that they produced the message. This property has a particular meaning in the context of audit trail and logs in general. As pointed out by Eric Knapp:… Read More »Why You Need Non-Repudiation of Logs and How Blockchain Helps
There are a lot of products that allow collecting data, aggregating it, and displaying it for security or monitoring purposes. That includes SIEMs (Security information and event management systems), UEBAs (User and entity behavior analytics), log collectors, and catch-all multi-purpose data platforms (like Splunk). And… Read More »Track Events You Have Not Tracked Before
Digital Identity is a hot topic and is applicable to a wide range of scenarios. Virtually any organization has some form of digital identity in order to authenticate its employees, and some organizations, like banks and governments, have been identity providers to millions of people… Read More »NIST: Digital Identity Requires Secure Audit Trail
Data integrity, or the certainty that data has not been modified, is important in many cases – from communication protocols, through low-level data storage systems, to business-critical databases. Due to our reliance on the data we have, we need to guarantee it hasn’t been tampered… Read More »3 Reasons Not To Ignore Data Integrity
The Mueller Indictment of 12 Russian agents was released last week. It is a very interesting read as a whole, but it outlines some particular aspects of cybersecurity. During the hacking of DCCC and DNC networks, the Conspirators covered their tracks by intentionally deleting logs [..]… Read More »The Mueller Indictment: Proof That You Need Secure Logs
Audit logs – the recorded evidence of each action or event that has happened in an information system – are an agreed best practice in the industry. But in many cases they are not just best practices – they are a necessity according to multiple… Read More »Compliant Audit Logs (ISO 27100, PCI-DSS, etc.)