Why logging is one of the most overlooked aspects of incident response, and how Cisco Talos IR can help

By Rami Altalhi and David Roman.  

Logs are fundamental to strengthening an organization's digital defenses. Many logs within an organization contain records related to computer security.  

These computer security logs are generated by many sources, including security software, workstations, servers, antivirus software, EDRs, firewalls, intrusion detection and prevention systems, and networking equipment.

Many organizations face different challenges in collecting, reviewing and managing logs. As the adoption of digital technologies increases, the volume of log data grows, which makes it challenging for cybersecurity teams to identify which logs are most valuable when investigating and analyzing threats. 

To simplify companies' logging challenges and bolster incident response planning, the Talos IR team will soon offer a Log Architecture Assessment as part of the services available through the Cisco Talos Incident Response Retainer Service. The Log Architecture Assessment can help companies analyze, collect and prepare their logs so they are better equipped for any potential threats. Alongside an incident response plan, having strong log policies, and understanding those policies, gives the company richer data points and references during incident response, so it can make better-informed decisions on future incidents.

During a Log Architecture Assessment, Talos IR will look at customers’ environments to determine what, if any, logs are being collected, processed and correlated and how they can be better identified and sorted to spot potentially malicious events. This enables the company to create a timeline of events more easily during any future incidents. 
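As an added illustration of the correlation and timeline-building problem described above (this is example code, not part of the Talos post or the assessment service), the script below takes constructed log lines from three different sources, a firewall syslog line in local appliance time, a Windows-style logon event exported as CSV, and an EDR alert as JSON, normalizes every timestamp to UTC, resolves the firewall's source IP to a hostname through a constructed asset inventory, and emits one ordered timeline. It also reports which expected log sources produced nothing, which is the "what, if any, logs are being collected" question. All hostnames, addresses, the UTC-5 appliance offset, and the asset map are assumptions made for the example.

```python
"""Unified incident timeline from heterogeneous logs (added example, not Talos code).

All sample lines, hostnames, IPs and the asset inventory are constructed.
"""
import json
import re
from dataclasses import dataclass
from datetime import datetime, timezone, timedelta
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Event:
    ts: datetime    # always timezone-aware UTC after normalization
    source: str     # which log family produced the record
    asset: str      # the endpoint the event concerns, after inventory lookup
    summary: str


# Assumption: the firewall appliance logs in local time, UTC-5, with no year.
FIREWALL_TZ = timezone(timedelta(hours=-5))
FIREWALL_YEAR = 2024

# Constructed asset inventory: without a common key like this, a firewall's
# IP-based records cannot be lined up with host-based Windows/EDR records.
ASSET_INVENTORY: Dict[str, str] = {"10.0.5.23": "WS-0523"}

# Constructed sample records, one per source family.
FIREWALL_LINES = [
    "Mar 12 14:03:11 fw01 kernel: DENY TCP 10.0.5.23:51234 -> 203.0.113.7:443",
    "Mar 12 14:03:15 fw01 kernel: ALLOW TCP 10.0.5.23:51240 -> 203.0.113.7:443",
]
WINDOWS_CSV = ["2024-03-12T19:02:58Z,WS-0523,4624,Logon Type 10 user=jdoe"]
EDR_JSON = [
    '{"timestamp": "2024-03-12T19:03:14Z", "hostname": "WS-0523", '
    '"detection": "suspicious PowerShell download cradle"}'
]

SYSLOG_RE = re.compile(r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) \S+ (.*)$")


def _iso_utc(stamp: str) -> datetime:
    """Parse an ISO-8601 UTC stamp such as 2024-03-12T19:02:58Z."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_firewall(line: str) -> Event:
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed firewall line: {line!r}")
    stamp, _device, msg = m.groups()
    local = datetime.strptime(f"{FIREWALL_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
    ts = local.replace(tzinfo=FIREWALL_TZ).astimezone(timezone.utc)
    src_ip = msg.split()[2].split(":")[0]          # "10.0.5.23:51234" -> "10.0.5.23"
    return Event(ts, "firewall", ASSET_INVENTORY.get(src_ip, src_ip), msg)


def parse_windows(line: str) -> Event:
    stamp, host, event_id, detail = line.split(",", 3)
    return Event(_iso_utc(stamp), "windows", host, f"EventID {event_id}: {detail}")


def parse_edr(line: str) -> Event:
    rec = json.loads(line)
    return Event(_iso_utc(rec["timestamp"]), "edr", rec["hostname"], rec["detection"])


def build_timeline(firewall: Iterable[str], windows: Iterable[str], edr: Iterable[str]) -> List[Event]:
    """Normalize every record to UTC and return them in chronological order."""
    events = [parse_firewall(l) for l in firewall]
    events += [parse_windows(l) for l in windows]
    events += [parse_edr(l) for l in edr]
    return sorted(events, key=lambda e: e.ts)


def coverage_gaps(events: Iterable[Event], expected_sources: Set[str]) -> Set[str]:
    """Expected log sources that contributed no events at all."""
    return set(expected_sources) - {e.source for e in events}


if __name__ == "__main__":
    timeline = build_timeline(FIREWALL_LINES, WINDOWS_CSV, EDR_JSON)
    for e in timeline:
        print(f"{e.ts.isoformat()}  {e.source:8}  {e.asset:8}  {e.summary}")
    print("missing sources:", coverage_gaps(timeline, {"firewall", "windows", "edr", "dns"}))
```

The two things the assessment described above is meant to settle show up directly: the firewall clock had to be shifted to UTC before its records interleaved correctly with the host logs, and the firewall's IP had to be resolved through an inventory before all four events could be attributed to the same workstation. The `coverage_gaps` check is the simplest form of "which sources are we not collecting" reporting.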

Customers do not need to come prepared ahead of time with anything for a Log Architecture Assessment — Talos IR will work with the customer to: 

Determine metadata being logged in their environment and any basic configurations in place.
Run a ..
