Organizations need to dedicate more resources to logging and monitoring to combat the threat of cybersecurity incidents, CREST has warned in a new report. The non-profit accreditation body canvassed professionals from 66 mostly large organizations and found that only 41% of respondents claimed their capability for identifying suspected or actual cybersecurity incidents was high or very high.
CREST argues that the vast proliferation in connected user devices and the increase in log files generated by company IT systems are giving security professionals an ever-more daunting task when it comes to identifying threats.
The free report gives best-practice advice to companies struggling with the burden of monitoring and logging as part of a holistic security strategy. It emphasizes the need for context when carrying out monitoring. This can be achieved, the report says, by combining analysis of logs generated internally with logs generated externally, such as those from cloud providers and managed security service providers (MSSPs).
In addition, organizations should add further context from threat intelligence data, reconnaissance information and indicators of suspicious activity.
Companies also need to get better at identifying anomalies on the network, correlating that activity with existing intelligence, applying the right tools, and seeking the right support from external sources. The report also advocates that organizations build, or outsource to, a security operations center (SOC).
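The report's point about context is easiest to see in code. The following is an added example written for this article, not code from CREST or the report: it normalizes a constructed internal VPN gateway auth log and a constructed cloud audit log into one schema, enriches events with a (constructed) threat-intel list, and raises an alert only when the combined view shows something a single source would not, such as a burst of failed logins on the internal gateway followed by a successful cloud console login from the same address. Log formats, field names and the indicator list are assumptions for the example.

```python
"""Added example: correlating internal and external log sources with threat intel.

Illustrative code written for this article, not code from CREST or the report.
All log lines, hostnames and indicators below are constructed for the example.
"""
import json
import re
from datetime import datetime, timedelta

# Constructed internal VPN gateway log (syslog-style format is an assumption)
INTERNAL_LOG = """\
2024-03-04T09:12:03Z vpn-gw sshd[4412]: Failed password for admin from 203.0.113.45 port 51022
2024-03-04T09:12:09Z vpn-gw sshd[4412]: Failed password for admin from 203.0.113.45 port 51030
2024-03-04T09:13:41Z vpn-gw sshd[4418]: Accepted password for jsmith from 198.51.100.7 port 40112
"""

# Constructed external (cloud / MSSP) audit log, one JSON object per line
CLOUD_LOG = """\
{"time": "2024-03-04T09:14:02Z", "event": "ConsoleLogin", "user": "admin", "src_ip": "203.0.113.45", "result": "Success"}
{"time": "2024-03-04T11:30:00Z", "event": "ConsoleLogin", "user": "jsmith", "src_ip": "198.51.100.7", "result": "Success"}
"""

# Constructed threat-intel feed: known-bad source IPs with a label
THREAT_INTEL = {"203.0.113.45": "credential-stuffing botnet (constructed example)"}

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) \S+: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)"
)


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def parse_internal(text):
    """Normalise syslog auth lines into the common event schema."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not an auth event; ignore for this example
        events.append({
            "time": _ts(m["ts"]),
            "source": "internal:" + m["host"],
            "user": m["user"],
            "ip": m["ip"],
            "success": m["outcome"] == "Accepted",
        })
    return events


def parse_cloud(text):
    """Normalise JSON-per-line cloud audit records into the same schema."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append({
            "time": _ts(rec["time"]),
            "source": "cloud:" + rec["event"],
            "user": rec["user"],
            "ip": rec["src_ip"],
            "success": rec["result"] == "Success",
        })
    return events


def correlate(events, intel, window=timedelta(minutes=10), fail_threshold=2):
    """Return alerts that need context from more than one source to produce:
    - any event whose source IP is on the intel feed, and/or
    - a successful login preceded by >= fail_threshold failures from the same
      IP within `window`, counted across all sources (internal and cloud).
    """
    events = sorted(events, key=lambda e: e["time"])
    alerts = []
    for i, ev in enumerate(events):
        reasons = []
        if ev["ip"] in intel:
            reasons.append("intel:" + intel[ev["ip"]])
        if ev["success"]:
            prior_failures = [
                p for p in events[:i]
                if p["ip"] == ev["ip"] and not p["success"]
                and ev["time"] - p["time"] <= window
            ]
            if len(prior_failures) >= fail_threshold:
                srcs = ", ".join(sorted({p["source"] for p in prior_failures}))
                reasons.append(
                    f"{len(prior_failures)} failures from {srcs} within {window}"
                )
        if reasons:
            alerts.append({
                "time": ev["time"].isoformat(),
                "source": ev["source"],
                "user": ev["user"],
                "ip": ev["ip"],
                "reasons": reasons,
            })
    return alerts


def run():
    """Merge both constructed sources and return the correlated alerts."""
    events = parse_internal(INTERNAL_LOG) + parse_cloud(CLOUD_LOG)
    return correlate(events, THREAT_INTEL)


if __name__ == "__main__":
    for alert in run():
        print(json.dumps(alert))
```

On the constructed input the cloud console login by `admin` from 203.0.113.45 is flagged with two reasons: the address is on the intel list, and the two failed attempts seen only in the internal gateway log fall inside the window. Neither log on its own carries both facts, which is the context the report is asking for.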
CREST also found that organizations are using compliance and certification standards, such as ISO 27001 and PCI DSS, as the benchmark for their monitoring and logging. That is not a sufficient approach to safeguarding against cybersecurity incidents, says CREST president Ian Glover.
“Compliance does not equal security. Being fully compliant with standards will still leave you exposed to cybersecurity incidents and some senior management do not appreciate the rationale and importance behind monitoring and logging.”
Jason Creasey, Jerakano MD and author of the CREST report, said that organizations often suffer from a lack of budget, resources, and awareness of cybersecurity problems.
“Additionally, organizations often put blind trust in the monitoring tools they have purchased, giving them a false sense of security,” he explained.
“It is also important to understand all the surrounding processes and skills required before buying a solution; companies need to avoid putting too much focus on products, rather than using them to support applications such as intrusion monitoring, change management, incident response and business continuity.”