Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), CISA, FBI, NSA, and international partners are releasing Best Practices for Event Logging and Threat Detection. This guide will assist organizations in defining a baseline for event logging to mitigate malicious cyber threats.
The increased prevalence of malicious actors employing living off the land (LOTL) techniques, such as living off the land binaries (LOLBins) and fileless malware, highlights the importance of implementing and maintaining an effective event logging program.
CISA encourages public and private sector senior information technology (IT) decision makers, operational technology (OT) operators, network administrators, network operators, and critical infrastructure organizations to review the best practices in the guide and implement recommended actions. These actions can help detect malicious activity, behavioral anomalies, and compromised networks, devices, or accounts.
For more information on LOTL techniques, see joint guidance Identifying and Mitigating Living Off the Land Techniques and CISA’s Secure by Design Alert Series.
For more information and guidance on event logging and threat detection, see CISA’s Secure Cloud Business Applications (SCuBA) products, network traffic analysis tool Malcom, and Logging Made Easy.
CISA released four Industrial Control Systems (ICS) advisories on October 31, 2024. These advisories provide…
Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional…
Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor…
CISA released one Industrial Control Systems (ICS) advisory on October 22, 2024. These advisories provide…
Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled…
CISA released four Industrial Control Systems (ICS) advisories on October 24, 2024. These advisories provide…
This website uses cookies.