Not all logs are created equal. The key is to get the most value for your dollar and avoid alert fatigue. This piece explains the basics of setting up logging and monitoring for a typical security operations center (SOC), including the importance of determining your mission, using the right controls, choosing the right data log sources and deploying the best SIEM for the job.
We recommend that either the CISO or the SOC manager begin by defining the purpose of the SOC. Usually, the mission involves protecting the crown jewels of the organization. This aligns the SOC with the business and helps map what touches and/or could potentially access these items. This includes machines, employees, contractors – anything that could be a threat to what you identify as the crown jewels.
For example, a SOC manager might identify the following as primary crown jewels (and get agreement on them from the rest of the staff and the board):
Following that exercise, think about what the SOC needs to protect those crown jewels. The following are examples of what to monitor in real time to help ensure the detection of potential threats and vulnerabilities:
Before you can determine how to increase visibility, you need to first understand where that visibility needs to be improved. Most likely, it is around the crown jewels, but it could also be for cloud workloads. If cloud workload visibility needs to be improved, consider starting with what the major cloud service providers (CSPs) provide in terms of value, including:
Figure 1 lists some common data sources in a suggested order of priority, starting with identity and access management (IAM) logs and primary security controls, and then the other categories as your program matures.
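As an added example (not part of the original post or IANS tooling), the following script turns the two ideas above into a check: map each crown jewel to the machines, employees and contractors that touch it, see which of those have no log source feeding the SIEM, and order the sources that do exist by the suggested priority (IAM first, primary security controls next, everything else as the program matures). The asset names, source names and tier numbers are constructed assumptions, not values from the article.

```python
"""Crown-jewel log-coverage check (added example; assets and sources are constructed)."""
from dataclasses import dataclass, field

# Assumed tiers following the article's suggested order: lower onboards first.
TIER = {"iam": 1, "security_control": 2, "other": 3}


@dataclass
class LogSource:
    name: str
    category: str                              # "iam", "security_control" or "other"
    covers: set = field(default_factory=set)   # asset/actor names this source observes


@dataclass
class CrownJewel:
    name: str
    touched_by: set   # machines, employees, contractors that can reach the asset


def coverage_report(jewels, sources):
    """For each crown jewel, return the actors with no log coverage ("gaps") and
    the covering sources sorted by onboarding priority ("by_priority")."""
    observed = {}                               # item name -> list of LogSource
    for src in sources:
        for item in src.covers:
            observed.setdefault(item, []).append(src)
    report = {}
    for jewel in jewels:
        items = jewel.touched_by | {jewel.name}   # the asset itself plus whatever touches it
        gaps = {i for i in items if i not in observed}
        relevant = {s.name: s for i in items for s in observed.get(i, [])}
        ordered = sorted(relevant.values(), key=lambda s: (TIER[s.category], s.name))
        report[jewel.name] = {"gaps": gaps, "by_priority": [s.name for s in ordered]}
    return report


# Constructed sample inventory: a contractor reaches the database but appears in no log source.
SAMPLE_JEWELS = [CrownJewel("customer-db", {"dba-alice", "contractor-bob", "app-server-1"})]
SAMPLE_SOURCES = [
    LogSource("okta", "iam", {"dba-alice"}),
    LogSource("edr", "security_control", {"app-server-1", "dba-alice"}),
    LogSource("db-audit", "other", {"customer-db"}),
]


def sample_report():
    return coverage_report(SAMPLE_JEWELS, SAMPLE_SOURCES)


if __name__ == "__main__":
    for jewel, r in sample_report().items():
        print(jewel, "gaps:", sorted(r["gaps"]), "onboard in order:", r["by_priority"])
```

A non-empty `gaps` set is the visibility problem to fix first; the ordered list tells you which existing feeds to wire into the SIEM before the lower-value ones.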
There are also categories of data you should not consider logging, such as:
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
October 19, 2021
By IANS Faculty