Guidance & Recommendations for Event Logging and Threat Identification

by Ryan Coyne | Aug 23, 2024

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), together with international partners, have published joint guidance, “Best Practices for Event Logging and Threat Detection,” on event logging and threat detection.

Under the HIPAA Security Rule, covered entities and their business associates must implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems containing electronic protected health information (ePHI), and must regularly review those records for unauthorized activity. This includes application-level logs that track user activity in ePHI systems, such as files opened, records viewed, and the creation, reading, modification, or deletion of ePHI-related records. System-level logs should also capture details such as successful and failed login attempts, the devices used for access, and the programs that were launched, whether successfully or not.

The new guidance from CISA and its partners is aimed at medium-sized and large organizations and provides recommendations for improving event logging and threat detection across enterprise networks, web services, enterprise mobility, and operational technology (OT) systems. It is intended to help network defenders establish a baseline for event logging, detect threats, and support incident response teams in mitigating intrusions, including those that use fileless malware and living-off-the-land (LOTL) techniques, which threat actors rely on to evade detection.

The guidance sets out the objectives of an effective event logging system, stressing that logs should be both useful and actionable for analysts, so that network defenders can quickly make informed decisions from alerts and analytics. The system should alert defenders to events that may indicate malicious activity, such as the installation of new software, configuration changes, or events consistent with LOTL techniques or post-compromise lateral movement. Reducing alert noise is equally important, both to save the analyst time spent on queries and to lower storage costs.

The guidance’s recommendations fall into four areas:

  • establishing an enterprise-approved event logging policy
  • centralizing event log collection and correlation
  • ensuring secure storage and the integrity of event logs
  • developing a detection strategy for relevant threats.

The guidance includes a case study of the Volt Typhoon threat actor, which used LOTL techniques against Windows-based systems to evade detection. It highlights the anomalous behaviors associated with LOTL techniques that can help network defenders distinguish malicious use of legitimate tools from routine administration. The guidance would be a useful addition to the security awareness training that HIPAA requires of covered entities.
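To make the two preceding points concrete (alerting on new software installation and LOTL activity, and suppressing routine administrative noise against a baseline), the following is an added example written for this article; it is not code from the joint guidance or from the Volt Typhoon case study. The event records are constructed sample data whose field names loosely follow Windows Security Event ID 4688 (process creation) and System Event ID 7045 (new service installed); the command-line patterns (netsh portproxy, ntdsutil, wmic) are assumptions drawn from public Volt Typhoon reporting, and the "routine admin" baseline and web-server parent list are invented for illustration.

```python
"""Rule-based detection of living-off-the-land (LOTL) activity in Windows
event logs, with a simple baseline to suppress routine administrative use.

Added example for this article, not code from the CISA/ASD guidance.
All events below are constructed; rule patterns, the routine-admin baseline
and the web-server parent list are assumptions for illustration.
"""
import re

# Parent processes from which an admin tool should never be launched (assumption).
WEB_SERVER_PARENTS = {"w3wp.exe", "httpd.exe", "tomcat.exe"}

# (description, image basename, regex over the command line) -- assumed patterns
LOTL_RULES = [
    ("netsh portproxy added (traffic relay / persistence)", "netsh.exe",
     re.compile(r"\bportproxy\b.*\badd\b", re.I)),
    ("ntdsutil NTDS.dit extraction (credential access)", "ntdsutil.exe",
     re.compile(r"\bntds\b|\bifm\b", re.I)),
    ("wmic remote process creation (lateral movement)", "wmic.exe",
     re.compile(r"/node:.*process\s+call\s+create", re.I)),
    ("wmic shadow copy of system drive (credential access)", "wmic.exe",
     re.compile(r"shadowcopy\s+call\s+create", re.I)),
]

# Baseline (assumption): (host, user) pairs for whom these tools are routine.
ROUTINE_ADMIN = {("JUMP01", "CORP\\netadmin")}
# Tools whose use is never routine enough to suppress (assumption).
NEVER_SUPPRESS = {"ntdsutil.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(event):
    """Return the reasons an event is suspicious (empty list if none)."""
    reasons = []
    if event["event_id"] == 7045:
        # New service: the guidance treats software installation as alert-worthy.
        reasons.append(f"new service {event['service_name']!r} installed "
                       f"from {event['image_path']}")
        return reasons

    image = basename(event["image"])
    parent = basename(event.get("parent_image", ""))
    for description, rule_image, pattern in LOTL_RULES:
        if image == rule_image and pattern.search(event["command_line"]):
            reasons.append(description)
    if reasons and parent in WEB_SERVER_PARENTS:
        reasons.append(f"spawned by web server process {parent}")

    # Noise reduction: routine admin use of a routine tool from a normal
    # parent is suppressed; credential-access tooling is never suppressed.
    routine = (event["host"], event["user"]) in ROUTINE_ADMIN
    if routine and image not in NEVER_SUPPRESS and parent not in WEB_SERVER_PARENTS:
        return []
    return reasons


def detect(events):
    """Run every event through the rules; at most one alert per event."""
    alerts = []
    for event in events:
        reasons = evaluate(event)
        if reasons:
            alerts.append({"host": event["host"], "user": event["user"],
                           "reasons": reasons,
                           "detail": event.get("command_line") or event.get("image_path")})
    return alerts


SAMPLE_EVENTS = [  # constructed sample data
    {"event_id": 4688, "host": "JUMP01", "user": "CORP\\netadmin",
     "image": "C:\\Windows\\System32\\netsh.exe",
     "parent_image": "C:\\Windows\\System32\\cmd.exe",
     "command_line": "netsh interface portproxy add v4tov4 listenport=8443 "
                     "connectaddress=10.0.5.20 connectport=443"},
    {"event_id": 4688, "host": "FS02", "user": "CORP\\svc_backup",
     "image": "C:\\Windows\\System32\\netsh.exe",
     "parent_image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "command_line": "netsh interface portproxy add v4tov4 listenport=9999 "
                     "connectaddress=192.0.2.10 connectport=8443"},
    {"event_id": 4688, "host": "DC01", "user": "CORP\\Administrator",
     "image": "C:\\Windows\\System32\\ntdsutil.exe",
     "parent_image": "C:\\Windows\\System32\\cmd.exe",
     "command_line": "ntdsutil \"ac i ntds\" ifm \"create full C:\\Windows\\Temp\\x\" q q"},
    {"event_id": 4688, "host": "WS17", "user": "CORP\\jdoe",
     "image": "C:\\Windows\\System32\\notepad.exe",
     "parent_image": "C:\\Windows\\explorer.exe",
     "command_line": "notepad.exe C:\\Users\\jdoe\\notes.txt"},
    {"event_id": 7045, "host": "FS02", "user": "SYSTEM",
     "service_name": "UpdateSvc", "image_path": "C:\\Users\\Public\\update.exe"},
    {"event_id": 4688, "host": "WS17", "user": "CORP\\jdoe",
     "image": "C:\\Windows\\System32\\wbem\\wmic.exe",
     "parent_image": "C:\\Windows\\System32\\cmd.exe",
     "command_line": "wmic /node:FS02 process call create \"cmd.exe /c whoami\""},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['host']:6} {alert['user']:22} {'; '.join(alert['reasons'])}")
```

Run as-is, the script raises four alerts (the netsh portproxy command launched from the IIS worker process, the ntdsutil extraction on the domain controller, the new service installed from a user-writable path, and the remote wmic process creation) while the identical netsh command from the jump host is suppressed by the baseline. The point of the baseline is the one the guidance makes: the same command line can be routine on one host and an intrusion on another, so detection has to combine the command with who ran it, where, and from which parent process, and the suppression list must never extend to tooling such as ntdsutil that has no routine use.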

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter
