Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents
The guidance is part of a coordinated, global effort to eradicate living-off-the-land techniques used against critical infrastructure.
1 Min Read
Source: Carsten Reisinger via Alamy Stock Photo
The National Security Agency (NSA) released a publication detailing best practices for event logging and threat detection against threat actors using living-off-the-land (LotL) techniques.
The document details best practices to improve security in cloud services, enterprise networks, mobile devices, and operational technology (OT) networks, and to ensure critical infrastructure remains robust, the agencies said. The document was jointly released by the NSA along with its counterparts in Australia, Canada, Japan, New Zealand, Singapore, and South Korea.
"It is essential for organizations to strengthen their resilience against living off the land techniques that are pervading today's cyber threat environment," said David Luber, NSA cybersecurity director. By implementing an effective logging solution, the security and resilience of systems as well as incident response programs will be improved, he added.
The guidelines are directed toward senior IT "decision makers," operational technology operators, and network administrator and operators, and focus on enterprise-approved logging policy; centralized log access and correlation; secure storage and log integrity; and detection strategy for relevant threats.
About the Author
You May Also Like
More Insights
