For #CyberSecurityAwarenessMonth, I'd like to start with a basic assumption we often seem to overlook:

If you don't need the data, don't keep it. Or put another way: you can't lose what you don't have.

Cheap (virtually unlimited) storage encourages us all (people and organizations) to keep lots of sensitive data we don't need - and there are plenty of examples of that coming back to bite people in sensitive places.

Today's #CyberSecurityAwarenessMonth topic is choosing the highest priority log sources for your #SecOps needs. Unfortunately there is no "one size fits all" answer here; every organization has different needs and priorities. However, most organizations will see significant value from these data sources as a starting point:

  • Active Directory (or other central auth system)
  • Cloud Native Infrastructure
  • Endpoint Detection and Response
  • Firewall
  • Multi-Factor Authentication
  • Web Proxy (or related solution)

This list gives you coverage of a wide variety of key data relevant to almost any cyber security incident. Add other data sources as appropriate for your environment.