While cutting-edge technologies grab our attention, it’s the decades-old field of cybersecurity logging that’s increasingly recognized as critically important for finding and addressing vulnerabilities.
The past few years have been full of new cybersecurity logging requirements for federal agencies. Some have struggled, however, to expand their logging capabilities to include all the new requirements.
The largest set of requirements, for instance, came in a memo that defined a maturity model for cybersecurity event logging and required all agencies to achieve the highest maturity level within two years of the memo’s August 2021 release.
However, December 2022 guidance from the Cybersecurity and Infrastructure Security Agency gave extensive advice on how to achieve the Basic maturity level, not the Advanced level, which is the highest. This implies that agencies have found it difficult to scale their capabilities to accommodate the additional amount of log detail, extended log retention periods and supporting tools required by that memo.
Logging has grown more challenging as technology has become more complex and diverse, particularly with transitions to the cloud, mobile, the Internet of Things and other technologies that often use separate logging solutions.