Cybersecurity involves a balancing act between risk aversion and risk tolerance. Going too far to either extreme may increase cost and complexity, or worse: cause the inevitable business and compliance consequences of a successful cyberattack. The decisions that need to be made around logging and monitoring are no exception.
Capturing all data from every device on the network can create bottlenecks, overwhelm log management, and obfuscate signs of network penetration, or malicious activity. Not capturing all the critical log data can result in monitoring that fails to identify attacks before they do damage or assist in forensics after the incident.
Getting logging and monitoring right is so important that it is listed among the Center for Internet Security’s critical security controls.
Failing to log creates blind spots
Failing to activate logging creates security blind spots in your network that will only become apparent after the fact (i.e., when an attack is successful). Every component of your extended infrastructure — on premises and remote — should be configured to generate appropriate audit events. These components include operating systems, system…