Source: Blog RSS Feed Author: Matthew Jerzewski URL: https://www.tripwire.com/state-of-security/cis-control-08

ONE SENTENCE SUMMARY:

Audit logs are essential for security, requiring collection, review, and retention processes to prevent and detect threats effectively.

MAIN POINTS:

1. Audit logs help in preventing and detecting network and data compromises.
2. Regular log reviews establish baselines and identify abnormalities in operations.
3. CIS Control 8 mandates centralized log collection and standardized reviews for compliance.
4. Detailed audit logs should record events, systems, times, and responsible users.
5. Configurations to limit unauthorized modifications to audit logs are crucial.
6. Best practices provided by CIS Benchmarks assist in effective log management.
7. Keeping logs stored centrally for at least 90 days supports security needs.
8. Audit log reviews must be conducted weekly or more frequently to spot anomalies.
9. Detailed logs of DNS, URL requests, and command lines facilitate forensic investigations.
10. Centralizing log collection simplifies analysis, detection, and retention processes.

TAKEAWAYS:

1. Establish a structured audit log management process for enterprise assets.
2. Collect and retain detailed audit logs for a minimum of 90 days.
3. Conduct regular reviews to detect anomalies indicative of potential threats.
4. Utilize CIS Benchmarks for effective configuration and remediation strategies.
5. Implement robust access controls to protect audit log integrity against tampering.