Not all logs are created equal. The key is to get the most value for your dollar and avoid alert fatigue. This piece explains the basics of setting up logging and monitoring for a typical security operations center (SOC), including the importance of determining your mission, using the right controls, choosing the right log data sources and deploying the best SIEM for the job.
We recommend that either the CISO or the SOC manager begin by defining the purpose of the SOC. Usually, the mission involves protecting the crown jewels of the organization. This aligns the SOC with the business and helps map what touches, or could potentially access, these items. That includes machines, employees, contractors – anything that could be a threat to what you identify as the crown jewels.
For example, a SOC manager might identify the following as primary crown jewels (and receive agreement on them from the rest of staff and the board):
Following that exercise, think about what the SOC needs to protect those crown jewels. The following are examples of what to monitor in real time to help ensure the detection of potential threats and vulnerabilities:
Before you can determine how to increase visibility, you first need to understand where that visibility needs to be improved. Most likely, it is around the crown jewels, but it could also be for cloud workloads. If cloud workload visibility needs to be improved, consider starting with what the major cloud service providers (CSPs) provide in terms of value, including:
Figure 1 lists some common data sources in a suggested order of priority, starting with identity and access management (IAM) logs and primary security controls, and then the other categories as your program matures.
There are also categories of data you should not consider logging, such as:
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
February 29, 2024
By IANS Research