On May 12th, 2021, just days after the headline-making Colonial Pipeline ransomware attack, the White House issued an executive order on improving the nation' cybersecurity.
This order formally introduces the Federal government' stance on cybersecurity technologies and frameworks like zero trust architecture. It also shows the government' focus on logging technology to address increasingly complex cybersecurity incidents.
Following that executive order, the Federal government released Executive Memorandum M-21-31, which sets new standards for cybersecurity log management. These new standards represent the latest guidance for government agencies, large enterprises, and public institutions to protect sensitive data and defend against persistent, advanced cybersecurity threats.
Advanced SIEM/SOAR solutions like Exabeam Fusion and AlienVault USM Anywhere rely on logging to monitor, investigate, and analyze security events. Accurate, detailed logs are the cornerstone of effective detection and response. Without a formal logging standard to adhere to, it' not possible to ensure functionality and interoperability across the entire enterprise threat surface.
Accurate log aggregation, processing, and analysis enable cybersecurity forensics to take place. Logs are the building blocks of advanced threat detection, response, and remediation.
PowerShell logs are an incredibly important asset for modern cybersecurity platforms because so many of today' most sophisticated cyberattacks rely on running malicious PowerShell scripts. PowerShell can do execute almost any kind of program without needing to run additional applications, making it a prime target for cybercriminals who want to gain control of victims' devices and networks.
The Federal government has created new logging standards in order to centralize access and visibility into the events that indicate advanced attacks like PowerShell exploits. By establishing a maturity model for log requirements and criticality, the government can quickly assess the robustness of the organization' logging capabilities – and use that to determine how effective their SIEM/SOAR solutions really are.
Memorandum M-21-31 establishes a four-tier maturity model designed to help agencies prioritize logging for high-impact systems and high-value assets. Each tier is additive, meaning that every tier contains the requirements of all the other tiers below it.
According to the Memorandum, all federal agencies must achieve EL1 by August 2022. They must then achieve EL2 maturity by February 2023, and EL3 maturity by August 2024.
Exabeam' advanced logging capabilities give enterprise-level organizations the ability to meet and exceed Federal logging standards with robust, out-of-the-box functionality. With this federally compliant technology, security teams can force PowerShell scripts to generate detailed logs and ensure compromised devices and accounts generate high-priority SIEM alerts.
Exabeam uses powerful machine learning algorithms to interpret log data and scrutinize PowerShell script behavior according to configurable rules. With Lumifi security operations center (SOC) personnel augmenting Exabeam functionality with sophisticated custom rules, you can prepare your organization for Federal logging standard compliance well within the government' announced time frame.
AlienVault' USM Anywhere orchestrates multiple tools into a single, comprehensive cybersecurity platform. USM Anywhere offers a comprehensive solution for capturing SIEM event information and producing compliant audit logs from multiple different applications. It then makes them accessible from a single intuitive interface, making it an excellent choice for organizations with limited resources.
Lumifi is a leading managed service provider with expertise in Exabeam and AlienVault technology to secure organizations against cyberattacks. Our security operations center is outfitted with federally compliant audit logging tools that generate insights and protect your organization's sensitive data from exfiltration.
Join us as we explore how evolving threats bypass legacy defenses.
Date: December 5th, 2024
Time: 11:30AM MST