Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Criminals often target specific systems and devices, removing their own logs to cover their tracks. Using a tool capable of ingesting logs from devices and systems and storing them together in a separate, secure place ensures the good guys can still see what the bad guys did.
"Consider removing logs from the systems and devices that are creating them," says Nathan Salminen, senior associate at global law firm Hogan Lovells. "A security information and event management tool, or even a simple log aggregation tool, ingests logs from across the enterprise and keeps them together in one place where they can be retained and preserved, even if a threat actor successfully destroys or edits logs on the targeted system
Salminen, who is also a certified Offensive Security Certified Professional (OSCP), warns that while many organizations already have such tools, "some have not yet configured it to ingest logs from all of their critical systems and devices."
As an aside, Salminen says the most prevalent problem he sees is "organizations that do not log events at all or do not retain logs for a sufficient period of time to enable them to determine the extent of the threat actor's compromise of their systems."
(Image: adam121 via Adobe Stock)
A prolific writer and analyst, Pam Baker's published work appears in many leading publications. She's also the author of several books, the most recent of which is "Data Divination: Big Data Strategies." Baker is also a popular speaker at technology conferences and a member ... View Full Bio
Tweet This
