Summary: The NSA has published best practices for event logging and threat detection to combat living-off-the-land (LotL) techniques used by cyber threat actors. This guidance aims to enhance security across various sectors, including cloud services and critical infrastructure, and was developed in collaboration with international partners.
Threat Actor: Living-off-the-land (LotL) techniques | LotL techniques
Victim: Organizations and critical infrastructure | critical infrastructure
Key Point :
- The NSA emphasizes the importance of strengthening resilience against LotL techniques in today’s cyber threat landscape.
- Best practices include developing enterprise-approved logging policies and ensuring secure storage and integrity of logs.
- The guidelines target senior IT decision-makers and operational technology operators for effective implementation.
The National Security Agency (NSA) released a publication detailing best practices for event logging and threat detection against threat actors using living-off-the-land (LotL) techniques.
The document details best practices to improve security in cloud services, enterprise networks, mobile devices, and operational technology (OT) networks, and to ensure critical infrastructure remains robust, the agencies said. The document was jointly released by the NSA along with its counterparts in Australia, Canada, Japan, New Zealand, Singapore, and South Korea.
“It is essential for organizations to strengthen their resilience against living off the land techniques that are pervading today’s cyber threat environment,” said David Luber, NSA cybersecurity director. By implementing an effective logging solution, the security and resilience of systems as well as incident response programs will be improved, he added.
The guidelines are directed toward senior IT “decision makers,” operational technology operators, and network administrator and operators, and focus on enterprise-approved logging policy; centralized log access and correlation; secure storage and log integrity; and detection strategy for relevant threats.