Jun 07 2022

Learn the Value of Event Logging

By monitoring traffic in their cloud environments, agencies can identify unusual activity and improve security.

A sense of security is important for agencies operating IT services in the public cloud. Vendors, contractors, employees and customers all regularly interact with those services, and agencies should maintain a record of everything that occurs in their cloud environments in order to quickly identify unusual activity. Following these simple steps can help an agency maintain appropriate log records and keep the information it needs in the event of a security incident.


1. Lock Down the Logs to Prevent Tampering

IT leaders should understand who has access to these logs — which their systems should automatically generate and store — and configure them to minimize the risk of tampering. Ideally, logs should be sent to an immutable data store where they cannot be modified. This prevents malicious insiders from altering or deleting log records to cover their tracks.

2. Configure Alerting on Your Logs

Alerts let IT teams create predefined rules that trigger notifications or automated responses when unusual situations occur. For example, if a firewall rule change is made to allow all internet traffic, an alert will notify an administrator to explore the modification immediately.


3. Integrate as Many Data Sources as Possible

Logging efforts provide the most value when records from many systems are brought together in a single location. These additional log records add context that security teams can use to explain unusual behaviors and reduce false positives. Organizations commonly use security information and event management (SIEM) or security orchestration, automation and response (SOAR) platforms to consolidate log records from both on-premises and cloud services.

4. Share Information Across Organizational Silos

Developers may be able to use logs to improve the efficiency of their applications and troubleshoot performance issues. Financial managers might use alerting to provide early notification of cost overruns. Be generous with the information that security-based logs can reveal and allow other organizational units to benefit in their own ways.
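One way to implement the alert described in step 2 over consolidated logs, as an added example that is not part of the original article: a small Python rule that scans constructed cloud audit-log records (the JSON field names are an assumption, not any provider's real schema) and flags firewall rule changes that open an ingress port to all internet traffic (0.0.0.0/0 or ::/0).

```python
import ipaddress
import json

# Constructed sample audit-log records (one JSON object per line). The field
# names are an assumption for this example, not a real provider's schema.
SAMPLE_LOG = """\
{"time": "2022-06-07T10:01:00Z", "actor": "alice", "event": "FirewallRuleCreate", "rule": {"direction": "ingress", "port": 22, "source": "10.0.0.0/8"}}
{"time": "2022-06-07T10:02:00Z", "actor": "bob", "event": "FirewallRuleUpdate", "rule": {"direction": "ingress", "port": 3389, "source": "0.0.0.0/0"}}
{"time": "2022-06-07T10:03:00Z", "actor": "svc-deploy", "event": "FirewallRuleCreate", "rule": {"direction": "egress", "port": 443, "source": "0.0.0.0/0"}}
{"time": "2022-06-07T10:04:00Z", "actor": "carol", "event": "FirewallRuleUpdate", "rule": {"direction": "ingress", "port": 443, "source": "::/0"}}
"""

FIREWALL_EVENTS = {"FirewallRuleCreate", "FirewallRuleUpdate"}


def opens_to_internet(source: str) -> bool:
    """True if the source CIDR covers the entire IPv4 or IPv6 address space."""
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False  # malformed CIDR: not this rule's concern, left for a separate check
    return net.prefixlen == 0


def find_open_ingress_rules(log_text: str) -> list:
    """Return one alert dict per firewall change that allows ingress from anywhere."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rule = rec.get("rule", {})
        if (rec.get("event") in FIREWALL_EVENTS
                and rule.get("direction") == "ingress"
                and opens_to_internet(rule.get("source", ""))):
            alerts.append({"time": rec["time"], "actor": rec["actor"],
                           "port": rule.get("port"), "source": rule["source"]})
    return alerts


if __name__ == "__main__":
    # Running the rule over the sample log reports bob's RDP change and carol's IPv6 change.
    for a in find_open_ingress_rules(SAMPLE_LOG):
        print(f"ALERT {a['time']} {a['actor']} opened port {a['port']} to {a['source']}")
```

The egress record and the private-range ingress record are intentionally ignored so the rule does not page on routine changes.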
