9 Modern-Day Best Practices for Log Management

Log management is nothing new. But doing so smartly, correctly, and concisely in today’s data-driven world is another story.

(Image: 123tin via Adobe Stock)

Logs are central to forensic investigations, but only if they’re collected, stored long enough, contain everything investigators need, and the bad guys don’t get to them first.

That’s a big “if.”

“What can businesses [do] to mitigate the possibility that lots of attackers are trying to hide their tracks and even destroy log files? Obvious: Use a log management tool to centralize logs – the same advice as in 2021, 2011, 2001, and perhaps even 1991,” says Dr. Anton Chuvakin, head of security solution strategy at Google Cloud and author of several books.

However, all security professionals know that log management circa 1991 was nowhere near as vast and complex as it is today. Logs grow as needed to record data events – and make no mistake, modern-day businesses have tons of data.

That makes managing large and unwieldy numbers of logs a daily challenge. Staying in compliance with a growing number of laws raises the level of complexity, too. For example, the Health Insurance Portability and Accountability Act (HIPAA) requires logs to be held for up to six years, while the Sarbanes-Oxley Act (SOX) requires seven years and the Basel II Accord requires three to seven years.

So it’s crucial that log management be done smartly, correctly, and concisely – not too much, not too little, but just right – and in a manner thorough enough to be of aid to forensics investigators, even when criminals hide their misdeeds.

Experts shared their tips and best practices to give Dark Reading readers the home advantage.
