Logs are at the heart of forensic investigations, but only if they are collected, stored long enough, contain everything investigators need, and criminals don’t get to them first.
It’s a big “if”.
“What can companies [do] to mitigate the possibility that many attackers will try to hide their tracks and even destroy log files? Obvious: Use a log management tool to centralize logs – the same advice as in 2021, 2011, 2001 and maybe even 1991,” says Dr Anton Chuvakin, head of security solutions strategy at Google Cloud and author of several books.
However, all security professionals know that the management of logs circa 1991 was not nearly as large and complex as it is today. Logs grow as needed to record data events – and make no mistake, modern businesses have tons of data.
This makes managing a large volume of logs a daily challenge. Staying in compliance with an increasing number of laws also adds to the complexity. For example, the Health Insurance Portability and Accountability Act (HIPAA) requires that logs be kept for up to six years, while Sarbanes-Oxley (SOX) requires seven years and the Basel II Accord requires three to seven years.
It is therefore crucial that the management of the logs is done in a smart, correct, and concise manner – not too much, not too little, but just the right amount – and in a sufficiently thorough manner to assist forensic investigators, even when criminals hide their wrongdoing.
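The two properties the article keeps returning to, logs that an intruder cannot quietly edit or delete after the fact and logs kept for the period a regulation demands, can both be checked mechanically once events are forwarded to a central collector. The following is an added illustration written for this page, not code from the article, from Dark Reading or from Dr Chuvakin's work: it assumes a collector that stores each event in a SHA-256 hash chain (so a removed or altered entry breaks every later link), keeps the latest link hash as an "anchor" somewhere the log host cannot reach, and applies a retention policy using a simplified 365-day year. The sample events are constructed for the example.

```python
"""Added example: tamper-evident central log chain plus a retention check."""
import hashlib
import json
from datetime import datetime, timedelta

# Constructed sample events, as a central collector might receive them from one host.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T10:00:00Z", "host": "web01", "msg": "sshd: Accepted publickey for deploy"},
    {"ts": "2024-03-01T10:05:12Z", "host": "web01", "msg": "sudo: deploy ran /bin/cat /etc/shadow"},
    {"ts": "2024-03-01T10:05:30Z", "host": "web01", "msg": "auditd: /var/log/auth.log truncated"},
]

GENESIS = "genesis"  # hypothetical fixed seed for the first link; any agreed constant works


def _link(prev_hash: str, event: dict) -> str:
    """Hash of the previous link plus a canonical serialization of this event."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def chain_entries(events, seed=GENESIS):
    """Wrap events so that each entry commits to every entry before it."""
    entries = []
    prev = hashlib.sha256(seed.encode()).hexdigest()
    for ev in events:
        h = _link(prev, ev)
        entries.append({"event": ev, "prev_hash": prev, "hash": h})
        prev = h
    return entries


def verify_chain(entries, seed=GENESIS):
    """Return None if the chain is intact, else the index of the first broken link.

    Catches entries edited or deleted in the middle of the chain. Entries
    removed from the end leave a shorter but still valid chain, which is why
    the latest hash must also be anchored elsewhere (see tail_intact).
    """
    prev = hashlib.sha256(seed.encode()).hexdigest()
    for i, e in enumerate(entries):
        if e["prev_hash"] != prev or e["hash"] != _link(prev, e["event"]):
            return i
        prev = e["hash"]
    return None


def tail_intact(entries, anchor_hash: str) -> bool:
    """Compare the last link with an anchor stored off the log host."""
    return bool(entries) and entries[-1]["hash"] == anchor_hash


def _parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def partition_by_retention(entries, now_iso: str, years: int):
    """Split entries into (keep, expired); uses a 365-day year for simplicity."""
    cutoff = _parse_ts(now_iso) - timedelta(days=365 * years)
    keep = [e for e in entries if _parse_ts(e["event"]["ts"]) >= cutoff]
    expired = [e for e in entries if _parse_ts(e["event"]["ts"]) < cutoff]
    return keep, expired


if __name__ == "__main__":
    chain = chain_entries(SAMPLE_EVENTS)
    anchor = chain[-1]["hash"]
    print("chain intact:", verify_chain(chain) is None, "| tail anchored:", tail_intact(chain, anchor))
    shortened = chain[:1] + chain[2:]  # middle entry missing
    print("first broken link after removing entry 1:", verify_chain(shortened))
    kept, expired = partition_by_retention(chain, "2030-03-02T00:00:00Z", 7)
    print("entries past a 7-year retention window:", len(expired))
```

The chain alone is not enough: trimming entries from the tail yields a shorter chain that still verifies, so the collector must periodically record the newest hash somewhere the monitored hosts cannot write, which is the same reasoning behind shipping logs off the box in the first place.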
Experts shared their tips and best practices to give Dark Reading readers an edge.
A prolific writer and analyst, Pam Baker’s published work appears in many leading publications. She is also the author of several books, the most recent of which is “Data Divination: Big Data Strategies”. Baker is also a popular speaker at technology conferences and a member …