Security News > 2022 > May > How to avoid security blind spots when logging and monitoring

Getting logging and monitoring right is so important that it is listed among the Center for Internet Security's critical security controls.

Failing to activate logging creates security blind spots in your network that will only become apparent after the fact.

Assuming that new apps and devices - including new cloud infrastructure - come with logging set to "On" is another way organizations can fail to send data to the SIEM. "Always check logging settings" should be standard procedure across the IT organization.

The best way to avoid logging and monitoring failure - as well as failure to capture the right data - is a log management and monitoring policy, and a culture of policy awareness and adherence.

You want to take risk appetite, security relevance, and volume into consideration while finding the balance for logging.

Monitoring considerations: A well-tuned SIEM with a skilled SOC. Log monitoring systems, typically SIEM solutions, oversee network activity, analyze system events, and issue alerts when anomalous behavior is detected.

News URL

https://www.helpnetsecurity.com/2022/05/02/logging-monitoring/