The National Security Agency (NSA) released a publication detailing best practices for event logging and threat detection against threat actors using living-off-the-land (LotL) techniques.
The document details best practices to improve security in cloud services, enterprise networks, mobile devices, and operational technology (OT) networks, and to ensure critical infrastructure remains robust, the agencies said. The document was jointly released by the NSA along with its counterparts in Australia, Canada, Japan, New Zealand, Singapore, and South Korea.
“It is essential for organizations to strengthen their resilience against living off the land techniques that are pervading today’s cyber threat environment,” said David Luber, NSA cybersecurity director. By implementing an effective logging solution, the security and resilience of systems as well as incident response programs will be improved, he added.
The guidelines are directed toward senior IT “decision makers,” operational technology operators, and network administrator and operators, and focus on enterprise-approved logging policy; centralized log access and correlation; secure storage and log integrity; and detection strategy for relevant threats.
https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc500c05eef79a687/66c78f4294683e8e56e3b01c/nsa_Carsten_Reisinger_alamy.jpg?disable=upscale&width=1200&height=630&fit=crop
