NSA Issues Guidelines for Better Logging and Threat Detection Against LotL Techniques

The National Security Agency (NSA) has released a publication outlining best practices for event logging and threat detection against threat actors using living-off-the-land (LotL) techniques. The document, jointly released with counterparts in Australia, Canada, Japan, New Zealand, Singapore, and South Korea, aims to help organizations improve their security posture against LotL attacks.

The guidelines focus on four key areas: enterprise-approved logging policy; centralized log access and correlation; secure storage and log integrity; and detection strategy for relevant threats. The publication is directed towards senior IT decision makers, operational technology operators, and network administrators and operators.

According to David Luber, NSA cybersecurity director, implementing effective logging solutions will improve the security and resilience of systems as well as incident response programs. The document is part of a coordinated global effort to eradicate LotL techniques used against critical infrastructure.

Source: https://www.darkreading.com/cybersecurity-operations/nsa-issues-tips-for-better-logging-threat-detection-in-lotl-incidents