Pay more attention to security monitoring and logging, warns CREST

Organisations need to focus more effort and resources on monitoring and logging to help detect potential cyber-security attacks, according to CREST.

The warning is contained in new research published by CREST, the not-for-profit accreditation body that represents the technical information security industry.

Exponential growth in users and devices connected to the internet, combined with the increasing volume of log files generated by IT systems, is creating a major challenge for information security professionals.

“Organisations seldom have an adequate cyber-security logging and monitoring capability,” said Jason Creasey, author of the CREST report and managing director of consultancy Jerakan. “They often suffer from a lack of budget, resources, technology or recognition of the type and magnitude of the problem. Additionally, organisations often put blind trust in the monitoring tools they have purchased, giving them a false sense of security.”

The key to understanding this wealth of data is context, the report says. There are many sources of cyber-security information, including internal monitoring, external logs such as cloud and MSSP, threat intelligence, reconnaissance data and suspicious threat agent activity which, when brought together, can provide a security overview.

“While you are unlikely to achieve utopia in cyber-security monitoring and logging, by prioritising and managing myriad event logs and building an effective monitoring process, it is possible to identify potential indicators of compromise (IOC) at an early stage, investigate them effectively and take appropriate action to reduce the frequency and impact of cyber-security incidents,” Creasey said. 

CREST said that the research report provides practical advice on how to manage logs, deal with suspicious events and use threat intelligence to address security and compliance challenges.