The IT Company blog series is back with another CIS control! In previous blogs, we have walked you through the understanding and importance of CIS controls 1 and 2, control 3, control 4 and control 5. Today we are picking up with control 6!
CIS control 6 is the Maintenance, Monitoring and Analysis of Audit Logs.
CIS control 6 covers all of your system logs. It emphasizes the need to collect and store all of a company’s system logs in one central place. Doing so lets you find everything easily, compare logs across different systems to correlate events happening across multiple devices, and alert on all of these logs from a central location, rather than having to check the logs on one device and then on another.
The maintenance, monitoring, and analysis of audit logs provides both a convenience factor and a correlation factor for businesses. Having all of your logs in one place makes it much easier, and much more likely, that someone will actually go through and look at them. From a correlation standpoint, it becomes even more important. By implementing and executing CIS control 6, you enable yourself to see events and patterns that you may not see otherwise.
When you look through all of the logs for one firewall and then transfer over to read through another firewall, switch, or router log, you may not necessarily see that there is an event that happens between the two of them. On their own, they may not look like anything, but alongside one another in a central place, you can recognize patterns that may drastically impact your security.
The value, importance, and necessity of CIS control 6 apply across the board, for all types of industries. In fact, a lot of industries see value in having logs saved and recorded. This adds a layer of reassurance that if something does happen, you can go back retroactively to find out exactly what was going on, determine how large the scope of the incident is, and gather more pertinent information.
Some industries actually have regulations and requirements about CIS control 6. HIPAA has requirements, and NIS has controls surrounding it. Any of the major regulatory bodies have requirements to collect all your logs, review your logs, and store your logs. So in a lot of cases, CIS control 6 is not just important, but mandatory.
From a non-regulated standpoint, it is a good security practice for everyone to be in control of this: to be aware of where their logs are and to have at least some sort of automated system that picks out the major events and alerts on them.
At The IT Company, all of the devices and equipment we provide have logging capabilities, which allows our customers to implement control 6. The IT Company offers CIS Control 6 in a service approach, meaning that it is not a “buy and solve” product. The service takes a lot of implementation and setup, paired with continued and constant monitoring. Whether your IT department monitors and analyzes the logs or you have a team member devoted to doing so, it is absolutely critical to your business.
The implementation of CIS control can be expensive, but there are great benefits from it. Too many people look past it because they fail to understand that it is a requirement in a lot of situations and how big of a deal it is. Have questions about whether CIS control 6 is required for you or if you are doing what is needed to monitor your audit logs? Give us a call at The IT Company. We’d love to help you!