Security Profiling, Assessment & Remediation Kit.
SysLog Best Practice:
Bad, Better, and the Best
In this case a new IT team member configures the firewall in haste to meet a sudden go-live date. His priority at that moment is seamless traffic flow, so he forgets to enable security profiles on all the 'allow-traffic' policies. Standard security profiles include anti-virus, anti-malware, vulnerability checks, URL restrictions and so on. The business runs smoothly for the next 6 months, and everyone is under the impression that all is well. Then an incident disrupts business as usual, and it is traced to a cyber attack. The legal team assigns the investigation to a third party, whose first step is to request the log files of all the firewalls for the 6 months leading up to the incident. The IT team hands over the log files of every other device that kept logs, except the firewall that let them down, because logging had never been enabled on it. The root cause cannot be established satisfactorily with evidence, and this is a bad precedent.