The Cybersecurity and Infrastructure Security Agency (CISA) recently released new guidance on best practices for event logging to bolster defenses against cyberthreats. Developed in collaboration with the FBI, National Security Agency, and various international cybersecurity agencies, the document offers strategic recommendations to enhance organizational resilience in today’s challenging cyber environment.
“In the current landscape of cyber threats, having a clear understanding of your network and its components is crucial,” said Scott Gee, AHA’s deputy national advisor for cybersecurity and risk. “High-quality log data is essential for building a comprehensive picture of your environment. It enhances detection and alerting systems, enabling rapid identification of issues, and assists incident responders in analyzing what went wrong in the event of a cybersecurity incident. This guidance outlines how to implement an event logging policy aimed at capturing valuable cybersecurity events, which helps network defenders accurately identify and address security incidents.”
The guide advises that logs be stored for at least one year, subject to storage capacity. Discovering in the midst of an incident that log data is inadequate or insufficient can severely hinder investigations. Microsoft recently introduced additional free log storage options for several service tiers. Rural hospitals are also eligible for free or heavily discounted Microsoft services.