The National Security Agency has released a cybersecurity information sheet outlining the best practices for event logging and threat detection in cloud services, enterprise networks, mobile devices and operational technology networks.
The CSI was published in collaboration with other federal agencies, such as the Cybersecurity and Infrastructure Security Agency, and international partners, led by the Australian Signals Directorate’s Australian Cyber Security Centre, NSA said.
“Best Practices for Event Logging and Threat Detection” is designed to help organizations’ IT and cyber personnel defend against threat actors that use living-off-the-land techniques.
“Implementing and maintaining an effective event logging solution improves the security and resilience of systems by enabling network visibility and quicker incident response,” NSA Cybersecurity Director Dave Luber said in a statement.
He noted that organizations must bolster their resilience against advanced attack strategies in today’s cyberthreat environment.
In the publication, the NSA details the important considerations when applying logging best practices, namely enterprise-approved logging policy, centralized log access and correlation, secure storage and log integrity, and detection strategy for relevant threats.
Public and private sector organizations are advised to review the guide and execute its recommended actions, which can help identify malicious activity, behavioral anomalies, and compromised networks, devices or accounts.