Decrypting myths

Logging turned off

Disabled logging doesn't necessarily let an attacker into a system, but it does let them act like a ghost once they're inside. Once in, attackers can move laterally through the network in search of data or assets to exfiltrate, and without logging they can do all of this while leaving no tracks behind.

This creates a true 'needle in a haystack' scenario for incident responders and forensic analysts, and makes their job that much harder when they try to reconstruct what happened during an incident or intrusion.

Enabling logging and forwarding it to a centralised location, such as a security information and event management (SIEM) platform, is highly recommended.
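As an added example (not code from the article or from Digital Guardian) of what centralised logs make possible, the Python below reconstructs an attacker's hop chain from a constructed set of sshd login records as a SIEM might hold them, then repeats the reconstruction with one host's logs removed to show the gap that disabled logging leaves. The hostnames, addresses, log lines and the asset-inventory mapping are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample of centralised sshd auth logs, as a SIEM might hold them
# (hostname prefixed to each line). Not taken from the article.
SAMPLE_LOGS = """\
web01 sshd[2011]: Accepted password for svc_backup from 203.0.113.7 port 51122
web01 sshd[2030]: Failed password for root from 198.51.100.4 port 33001
db01 sshd[3300]: Accepted publickey for svc_backup from 10.0.1.10 port 42100
fileshare sshd[4100]: Accepted publickey for svc_backup from 10.0.2.5 port 45000
"""

# Assumed asset inventory: which internal address belongs to which host.
# Any source address not listed here is treated as external.
HOST_IPS = {"web01": "10.0.1.10", "db01": "10.0.2.5", "fileshare": "10.0.3.3"}
IP_HOSTS = {ip: host for host, ip in HOST_IPS.items()}

LOGIN_RE = re.compile(
    r"^(?P<host>\S+) sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_logins(text):
    """Return successful logins as (host, user, source_ip); other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            events.append((m.group("host"), m.group("user"), m.group("src")))
    return events


def trace_intrusion(events):
    """Walk the login graph from external sources inward.

    Returns (hops, unexplained): hops is the ordered chain of (from, to)
    pairs reachable from an external address; unexplained lists internal
    hosts that appear as a login *source* but never as a destination, i.e.
    nothing in the collected logs records how they were reached.
    """
    edges = defaultdict(list)  # login source (hostname or external IP) -> hosts reached
    for host, _user, src in events:
        edges[IP_HOSTS.get(src, src)].append(host)
    frontier = [src for src in edges if src not in HOST_IPS]  # external entry points
    hops, seen = [], set()
    while frontier:
        src = frontier.pop(0)
        for dst in edges.get(src, []):
            if dst not in seen:
                seen.add(dst)
                hops.append((src, dst))
                frontier.append(dst)
    unexplained = sorted(src for src in edges if src in HOST_IPS and src not in seen)
    return hops, unexplained


def without_host(text, host):
    """Drop every line from `host`, simulating a system whose logging was turned off."""
    return "".join(l for l in text.splitlines(True) if not l.startswith(host + " "))


if __name__ == "__main__":
    print("full logs:", trace_intrusion(parse_logins(SAMPLE_LOGS)))
    print("db01 silent:", trace_intrusion(parse_logins(without_host(SAMPLE_LOGS, "db01"))))
```

With the full log set the chain reads external address, then web01, then db01, then fileshare. Dropping db01's lines leaves db01 reported as an unexplained source: its login to fileshare is still visible, but nothing records how db01 itself was reached, which is exactly the reconstruction gap that a single silent host creates for responders.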
Centralised log data provides the breadcrumbs that forensic analysts need during an incident response investigation to reconstruct the attack and scope the intrusion. It is also highly useful when responding to a threat that has triggered an alert from an event in the collected logs.

potential no-brainer. It's worth pointing out that keeping operating systems up to date and patched appropriately can prove significantly effective at preventing a breach, however. While numerous exploits and vulnerabilities are found daily – and yes, it can be difficult to keep up – if administrators aren't properly maintaining their patch levels, then it's game over.

Ironically, of the breaches I've worked on where the attacker's gotten in via a vulnerability, the majority have involved a vulnerability that was ridiculously old. It shouldn't come as a surprise – attackers will continue exploiting old bugs as long as they're effective.

There's hype around detecting and preventing zero days, but the most common vulnerabilities that are exploited can be classified as fossils.

Tim Bandos, Vice President of Cybersecurity at Digital Guardian

www.intelligentciso.com | Issue 21
Having appropriate security configurations requires your applications, servers and databases to be hardened in accordance with best practice. Leaving these devices or platforms in their default state only makes an attacker's job easier. It may not happen right away, but at some point they will discover these misconfigurations, gain unauthorised access and, depending on their intent, steal sensitive data or cause damage.
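As an added illustration of checking a server against a hardened baseline instead of leaving it in its default state (example code, not from the article or from Digital Guardian), the Python below audits an OpenSSH sshd_config against a small set of baseline values and reports every setting that deviates or is not set at all. The baseline values, the two constructed config files and the choice of which keywords to check are this example's own assumptions, not a standard quoted from the page.

```python
# Assumed hardened baseline for a handful of OpenSSH server settings; the
# values are this example's own choice, not a standard quoted from the article.
SSHD_BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
    "LogLevel": "VERBOSE",
}

# Constructed configs. The first mirrors a stock file in which the interesting
# keys are still commented out, so the daemon's built-in defaults apply.
DEFAULT_STATE_CONFIG = """\
# Stock-style sshd_config: nothing explicitly hardened
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
#MaxAuthTries 6
X11Forwarding yes
Subsystem sftp /usr/lib/openssh/sftp-server
"""

HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
LogLevel VERBOSE
Subsystem sftp /usr/lib/openssh/sftp-server
"""


def parse_sshd_config(text):
    """Map lower-cased keyword -> value for the global section of an sshd_config.

    Blank lines and lines starting with '#' are comments, keywords are
    case-insensitive, and the first occurrence of a keyword wins, which is how
    sshd itself resolves duplicates. Parsing stops at the first Match block,
    whose settings apply only to matching connections and are out of scope here.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd(text, baseline=SSHD_BASELINE):
    """Return findings as (keyword, configured_value, expected_value).

    configured_value is None when the keyword is not set at all, meaning the
    host is relying on whatever default the installed sshd ships with.
    """
    settings = parse_sshd_config(text)
    findings = []
    for key, expected in baseline.items():
        configured = settings.get(key.lower())
        if configured is None or configured.lower() != expected.lower():
            findings.append((key, configured, expected))
    return findings


if __name__ == "__main__":
    for name, cfg in (("default state", DEFAULT_STATE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", audit_sshd(cfg) or "no findings")
```

Against the stock-style file every baseline key is reported, five of them because they are simply absent and one (X11Forwarding) because it is explicitly set to a weaker value; the hardened file produces no findings. Treating an unset keyword as a finding is deliberate: a host whose behaviour depends on the compiled-in default of whatever sshd version happens to be installed is exactly the "default state" the text warns about.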
Avoid becoming an easy target and follow these precautionary steps to protect yourself and your data.