Global Cyber Agencies Unveil New Logging Standards

Logging Best Practices Guidance Aims to Enhance Global Detection and Response

More than a dozen global cyber authorities endorsed guidance aimed at establishing baseline standards for logging and threat detection, responding to the rising threat from foreign adversaries and malicious actors who increasingly use "living off the land" techniques.

The event logging guidance calls for enhanced cybersecurity monitoring to better detect critical software configuration changes and other modifications that could signal the presence of malicious activity or potential security breaches. Recent examples of high-profile cyber incidents - from the SolarWinds supply chain attack to the Colonial Pipeline ransomware hack - are evidence that robust event logging could have mitigated widespread fallout by detecting early signs of compromise and enabling a faster, more effective response.

The Australian Signals Directorate's Australian Cyber Security Center published the joint guidance Thursday along with the U.S. Cybersecurity and Infrastructure Security Agency, the Canadian Center for Cyber Security and the U.K. National Cyber Security Center, among others. It urges senior information technology decision-makers and operational technology operators in cloud environments to log all control plane operations, including API calls and end-user logins.

The guidance also recommends configuring control plane logging to capture any administrative changes, authentication events and read and write activities.

The cyber agencies identified a wide range of event details that should be included in an organization's logging policy, including the event type, command executed and user identification, and the guidance seeks to ensure that logs and logging platforms are usable for analysis. It also calls on network administrators to "properly organize logged data into 'hot' data storage that is readily available and searchable."

International cybersecurity authorities have launched recent security initiatives to help the public and private sectors better protect their networks and sensitive data. CISA launched a free open-source log management solution in 2023 called "Logging Made Easy," which provides under-resourced organizations with threat identification and remediation support.

Chad Poland, product manager for cyber shared services at CISA, told Information Security Media Group at the time that one of the agency's top goals with the new initiative "is to drive the implementation of measurably effective cybersecurity investments which includes providing cybersecurity capabilities and services that fill gaps" for target-rich, resource-poor organizations (see: CISA Launches Logging Tool for Resource-Poor Organizations).


About the Author

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.



