Top Threats

NSA Manage Cloud Logs for Effective Threat Hunting


    Posted Mar 15, 2024 02:44:00 AM

    Hi All,

    NSA just published "Manage Cloud Logs for Effective Threat Hunting".

    The many ways of accessing and managing a cloud tenant (often from anywhere in the world) can complicate the problem of security monitoring. Since cloud networks are virtualized, getting to "ground truth" can be difficult. Defense of a cloud tenant hinges on maintaining logs that record the right level of detail on security-relevant events. It also depends on logs that cannot be modified by actors to cover their tracks, even when they can act as administrators. Cloud access policies, system logs, and administrative audits must be controlled and monitored by security engineers and system administrators to prevent access abuse.
    Cloud Service Providers (CSP) must have a strong focus on security to maintain reliable business models and to help secure cloud infrastructure. Organizations need to know what should be logged and how those logs should be managed, stored, and analyzed. Security logs can help in several ways, including threat hunting, investigating security incidents, and meeting compliance and audit requirements.



    ------------------------------
    Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
    ------------------------------