OWASP Top Ten – Insufficient Logging & Monitoring

Insufficient Logging & Monitoring

This week’s entry in the OWASP Top Ten series is Insufficient Logging & Monitoring. This is one of those things that organizations often don’t realize they are missing until it is too late. People sometimes overlook this one because it’s not an attack or a threat in the common usage of the term.

Logging

Logging should be done not only on endpoints, but also on network infrastructure and pretty much everything else. When establishing what should be logged and what shouldn’t, it is best to err on the side of caution and over-log. You can always dial back the logging later. Timestamps are crucial to logging: every log entry needs a timestamp, and every device’s time should be synchronized with an NTP server. This allows correlations to be made after an incident.
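To show why timestamps and synchronized clocks matter for correlation, here is an added example (not from the original post) that merges entries from three sources into one UTC timeline and sets aside any entry that cannot be placed in time. The source names, log formats and sample lines are constructed for illustration, and the code assumes the devices' clocks are already NTP-synchronized.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample entries (not real logs): three sources, three timestamp styles.
SAMPLE = [
    ("firewall", "2024-03-05T14:02:11+00:00 ALLOW tcp 203.0.113.7 -> 10.0.0.5:443"),
    ("web",      "05/Mar/2024:09:02:12 -0500 POST /login 401 user=admin"),
    ("web",      "05/Mar/2024:09:02:14 -0500 POST /login 200 user=admin"),
    ("endpoint", "2024-03-05 14:02:20Z new process started by web server account"),
    ("endpoint", "new service installed: updater"),  # no timestamp at all
    ("firewall", "2024-03-05T13:10:00+00:00 DENY udp 198.51.100.9 -> 10.0.0.5:53"),
]

# Assumed per-source formats: (strptime pattern, number of tokens the timestamp spans).
FORMATS = {
    "firewall": ("%Y-%m-%dT%H:%M:%S%z", 1),
    "web":      ("%d/%b/%Y:%H:%M:%S %z", 2),
    "endpoint": ("%Y-%m-%d %H:%M:%S%z", 2),
}

def normalize(source, line):
    """Return (utc_time, source, message), or None if the line has no usable timestamp."""
    fmt, n = FORMATS[source]
    parts = line.split(" ", n)
    try:
        ts = datetime.strptime(" ".join(parts[:n]), fmt)
    except ValueError:
        return None
    return ts.astimezone(timezone.utc), source, " ".join(parts[n:])

def build_timeline(entries):
    """Split entries into a UTC-ordered timeline and the entries that cannot be placed."""
    timeline, unplaced = [], []
    for source, line in entries:
        event = normalize(source, line)
        if event:
            timeline.append(event)
        else:
            unplaced.append((source, line))
    return sorted(timeline, key=lambda e: e[0]), unplaced

def around(timeline, pivot, seconds=30):
    """Events from any source within +/- `seconds` of the pivot time."""
    window = timedelta(seconds=seconds)
    return [e for e in timeline if abs(e[0] - pivot) <= window]

if __name__ == "__main__":
    timeline, unplaced = build_timeline(SAMPLE)
    pivot = next(ts for ts, _, msg in timeline if " 200 " in msg)  # the successful login
    for ts, source, msg in around(timeline, pivot):
        print(ts.isoformat(), source, msg)
    print("cannot be correlated (no timestamp):", unplaced)
```

The entry without a timestamp is the one an investigator cannot tie to the login sequence, and a device whose clock has drifted would be misplaced in the timeline in the same way.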

Monitoring

We at Brackish are huge proponents of monitoring. Having a dedicated SOC team to monitor and respond to alerts is crucial in the modern cybersecurity landscape. If you think your business is too small and you cannot afford a dedicated SOC, Brackish can help!

Conclusion

Do not overlook Logging and Monitoring. It is crucial to detecting and responding to attacks. If you have any questions, reach out to us at Brackish and help make the bad guy salty!

See also:

https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring