Source: Blog RSS Feed Author: Matthew Jerzewski URL: https://www.tripwire.com/state-of-security/cis-control-08
-
ONE SENTENCE SUMMARY: Audit logs are essential for security, requiring collection, review, and retention processes to prevent and detect threats effectively.
-
MAIN POINTS:
-
Audit logs help in preventing and detecting network and data compromises.
-
Regular log reviews establish baselines and identify abnormalities in operations.
-
CIS Control 8 mandates centralized log collection and standardized reviews for compliance.
-
Detailed audit logs should record events, systems, times, and responsible users.
-
Configurations to limit unauthorized modifications to audit logs are crucial.
-
Best practices provided by CIS Benchmarks assist in effective log management.
-
Keeping logs stored centrally for at least 90 days supports security needs.
-
Audit log reviews must be conducted weekly or more frequently to spot anomalies.
-
Detailed logs of DNS, URL requests, and command lines facilitate forensic investigations.
-
Centralizing log collection simplifies analysis, detection, and retention processes.
-
TAKEAWAYS:
-
Establish a structured audit log management process for enterprise assets.
-
Collect and retain detailed audit logs for a minimum of 90 days.
-
Conduct regular reviews to detect anomalies indicative of potential threats.
-
Utilize CIS Benchmarks for effective configuration and remediation strategies.
-
Implement robust access controls to protect audit log integrity against tampering.