
Event logging boosts cybersecurity in organisations


Prominent international cybersecurity agencies, led by the Australian Signals Directorate's Australian Cyber Security Centre (ACSC), have released joint guidance, Best Practices for Event Logging and Threat Detection, on improving security across enterprise IT and operational technology (OT) environments. It sets out practical strategies for event logging and threat detection. The guidance is aimed at cybersecurity, IT management, OT operation, network administration and network operation staff in medium- to large-scale organisations.

Event logging is fundamental to the security and reliability of essential systems: it gives defenders visibility across the network and is the evidence base for responding to incidents. The guidance sets out four priorities for an enterprise: implement an enterprise-approved event logging policy, centralise access to and correlation of logs, store logs securely and protect their integrity, and adopt a detection strategy for the threats relevant to the organisation.

Enhancing threat detection capabilities

  1. Develop an enterprise-approved logging policy
    • Organisations should apply one standardised logging policy across all of their environments. The policy should specify which events must be logged, how the logs are monitored, and how long they are retained. The Australian Cyber Security Centre (ACSC) emphasises that “an effective event logging solution aims to send alerts to network defenders when critical software configuration changes are made or new software solutions are deployed”. Critical activity should be monitored closely and irregularities investigated promptly.
  2. Centralise log collection and correlation
    • Consolidating logs from all sources in a secure, readily accessible location makes it possible to correlate events across hosts and so detect and respond to threats faster. The Cybersecurity and Infrastructure Security Agency (CISA) emphasises that “centralised event logging enables network visibility, allowing organisations to detect and respond to cyber threats more efficiently.” Centralisation also means an attacker who compromises one host cannot simply delete the local record of what they did.
  3. Maintain log integrity
    • Event logs must be protected in transit and at rest against unauthorised access, modification and deletion; encryption and access controls are the usual means. The guidance stresses that log integrity is essential: logs that could have been altered cannot support accurate forensic analysis or meet regulatory obligations.
  4. Develop a detection strategy for relevant threats
    • Organisations need a detection strategy covering the threats relevant to them, including advanced persistent threats (APTs) and living off the land (LOTL) techniques, in which attackers use legitimate, already-installed tools so that their activity blends in with normal administration. Security Information and Event Management (SIEM) systems support the log analysis and anomaly detection this requires. The ACSC emphasises the need to detect malicious activity, behavioural anomalies, and compromised networks, devices or accounts.

International cybersecurity collaboration

This publication was created in collaboration with various international partners, including:

  • United States (US) Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA)
  • United Kingdom (UK) National Cyber Security Centre (NCSC-UK)
  • Canadian Centre for Cyber Security (CCCS)
  • New Zealand National Cyber Security Centre (NCSC-NZ) and Computer Emergency Response Team (CERT NZ)
  • Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and Computer Emergency Response Team Coordination Center (JPCERT/CC)
  • The Republic of Korea National Intelligence Services (NIS) and NIS’s National Cyber Security Center (NCSC-Korea)
  • Singapore Cyber Security Agency (CSA)
  • The Netherlands General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD).

Organisations that follow these recommendations strengthen their security posture and improve the resilience of the systems they depend on.

mp

Public Spectrum is the first knowledge-sharing platform in Australia to embrace the entire public sector. This website is a platform where you can connect, collaborate, empower, inspire, and upskill with public sector professionals.
