Four-point plan highlights how central logging can improve cyber-resilience

Report urges agencies to look beyond traditional security technologies and capture four key sets of data to improve their overall security posture.
cyber resilience

As government agencies come under increasing cyberattacks, reliable central logging can help IT leaders more quickly understand the full extent of a breach and act quickly before serious damage occurs, according to a recent report.

The report, published by Splunk, focuses on the security posture an organization needs to establish to be able to handle threats and defend assets — and outlines four ways central logging data can improve an organization’s posture. Security posture is a measure of the effectiveness of procedures and controls that protect an agency from internal and external cyberthreats.

“The broader the visibility into security posture, the more context security teams can gain to make better decisions on how to best respond,” the report states.

The report highlights how an agency can ensure it is improving its security posture by:

  • Understanding its endpoints so it can find malware infections before damage is caused to operations
  • Properly managing user identity and accesses to spot potential malicious login activity
  • Knowing what is happening on your network to help security teams understand where and how an attack may have entered
  • Staying informed with current threat intelligence for early warning indicators of malicious activities

Security teams can understand more easily what is happening across the environment when they start with these four basic data sources.

As an agency assesses its security posture, bringing multiple logs into a central location is a common approach which will make all relevant data available in a reliable location for a security team to access.

Leveraging insights from central logging and other machine data is a critical step toward gaining visibility across a multi-layered security environment.

The challenge stems from the limited view security technologies alone offer of an attack’s activity. The view would be dependent on where the technology is deployed, whether on an agencies network or its endpoint devices. Additionally, a lot of relevant data can be contained on non-security devices throughout the agency — such as servers, identity infrastructures and applications.

Agencies that prioritize having visibility across all their IT systems and digital assets will be able to have end-to-end visibility of an attack’s activities, and effectively mitigate the components of the threat.

Using security posture insights to analyze overall risk and applying best-practice methods will focus an agency’s IT security team in where to focus their investigations and improve the durability of an agency in the face of a cyberattack.

This article was produced by StateScoop for, and sponsored by, Splunk.

Latest Podcasts