Logs are central to forensic investigations, but only if they’re collected, stored long enough, contain everything investigators need, and the bad guys don’t get to them first.
That’s a big “if.”
“What can businesses [do] to mitigate the possibility that lots of attackers are trying to hide their tracks and even destroy log files? Obvious: Use a log management tool to centralize logs – the same advice as in 2021, 2011, 2001, and perhaps even 1991,” says Dr. Anton Chuvakin, head of security solution strategy at Google Cloud and author of several books.
However, all security professionals know log management circa 1991 is nowhere near as vast and complex as it is today. Logs grow as needed to record data events – and make no mistake, modern-day businesses have tons of data.
Sponsored ContentEnterprise Risk Management: A New Beginning
Credit risk. Fraud risk. Public image risk. Environmental risk. Enterprise risk management is key to sustainable business strategy and operational resiliency.Brought to you by Micro Focus
That makes managing large and unwieldy numbers of logs is a daily challenge. Staying in compliance with a growing number of laws is raising the level of complexity, too. For example, the Health Insurance Portability and Accountability Act (HIPAA) requires logs to be held for up to six years, while the Sarbanes-Oxley Act (SOX) requires seven years and The Basel II Accord requires three to seven years.
So it’s crucial that log management be done smartly, correctly, and concisely – not too much, not too little, but just right – and in a manner thorough enough to be of aid to forensics investigators, even when criminals hide their misdeeds.
Experts shared their tips and best practices to give Dark Reading readers the home advantage.