Five Eyes Agencies Release Guidance on Detecting Active Directory Intrusions

September 27, 2024 at 10:21AM

Government agencies from the Five Eyes countries have provided guidance on threat actor techniques targeting Microsoft Active Directory. These techniques exploit the directory’s vulnerabilities, making it a prime target for bad actors. The guidance recommends prioritizing privileged access security and implementing a tiered model. It also outlines common compromise techniques …

US, Allies Release Guidance on Event Logging and Threat Detection

August 23, 2024 at 08:03AM

The US and its allies released a joint guidance document, “Best Practices for Event Logging and Threat Detection,” focusing on defining a baseline for event logging in organizations. The guidance emphasizes the importance of security best practices, sharing responsibilities, capturing high-quality cyber security events, and structured log formats to support …

NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents

August 22, 2024 at 04:32PM

The NSA and international partners released a document outlining best practices for event logging and threat detection against threat actors using living-off-the-land techniques. It emphasizes improving security in cloud services, enterprise networks, and critical infrastructure, and highlights centralized log access, secure storage, and detection strategies for relevant threats. Directed at …