
Press Release | Aug. 21, 2024

NSA Joins Allies in Releasing Best Practices for Event Logging

FORT MEADE, Md. – To help owners and operators of NSS, DoD, and the DIB protect against malicious actors using living off the land (LOTL) techniques, the National Security Agency (NSA) is joining the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC) and international co-authors in releasing “Best Practices for Event Logging and Threat Detection,” a Cybersecurity Information Sheet (CSI).

The publication details best practices for event logging and threat detection in cloud services, enterprise networks, mobile devices, and operational technology (OT) networks to ensure continued delivery of critical systems. The guidance is for senior information technology (IT) decision makers, operational technology (OT) operators, network administrators, and network operators.

“It is essential for organizations to strengthen their resilience against living off the land techniques that are pervading today’s cyber threat environment,” said Dave Luber, NSA Cybersecurity Director. “Implementing and maintaining an effective event logging solution improves the security and resilience of systems by enabling network visibility and quicker incident response.”

The CSI follows the February 2024 joint-sealed Cybersecurity Technical Report (CTR), “Identifying and Mitigating Living off the Land Techniques,” which sheds light on LOTL techniques and how to identify and protect against advanced persistent threats (APTs) using these techniques. 

Today’s publication details four key factors to consider when pursuing logging best practices – enterprise-approved logging policy; centralized log access and correlation; secure storage and log integrity; and detection strategy for relevant threats.

Other allies joining ASD ACSC and NSA on the release are the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Department of Justice (DOJ), the Canadian Center for Cyber Security (CCCS), the New Zealand National Cyber Security Center (NCSC-NZ) and CERT NZ, Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and JPCERT/CC, the Republic of Korea National Intelligence Services (NIS) and NIS’s National Cyber Security Center (NCSC-Korea), and the Singapore Cyber Security Center (CSA).

Read the full report here.

Visit our full library for more cybersecurity information and technical guidance.


NSA Media Relations
MediaRelations@nsa.gov
443-634-0721