Event Logging and monitoring Flashcards
Evidence of Critical Events
- Recon against systems
- Weaponisation
- Delivery
- Installation of malware
- Command and control
- Action begins
Recon against systems
Where perpetrators perform research on environments that could be their next targets
Weaponisation
Intrusion into a computing environment, where perpetrators take action against a network and IT system
Delivery
The manifestation of an exploit against a vulnerability on a network or IT system
Installation of malware
This is observed when a perp has modified native functionality in a computing environment to maintain persistence
Command and control
When a hacker gains access to a server and system and takes control of the computing environment
Action begins
Trying to figure out the objective of the perp, and maintaining visibility on them at all times.
Benefits of Event Logging and Monitoring
- Detection of security breaches
- Event reconstruction
- Faster recovery
Detection of security breaches
- Security logging and monitoring can help guard against malicious external threats while also guarding against internal misuses of information.
- Threats can be detected in real-time to facilitate fast intervention.
Event reconstruction
- Even if a breach should occur, audit trails can facilitate a reconstruction of the events leading up to the incursion.
- Security personnel will have a clear idea of how the breach occurred, how to rectify vulnerabilities, and what steps are needed to prevent it from happening again.
Faster recovery
- Downtime of systems is extremely costly to organisations.
- Audit logs can create a fast and effective recovery process.
- They can help to reconstruct data files that were lost or corrupted, by reverse engineering from the changes recorded in the logs.