The importance of logs: You won't see what you don't log^Waudit

Thursday, May 16, 2019

11:00 AM - 12:00 PM PDT

60 minutes, including Q&A

The importance of logs: You won't see what you don't log^Waudit, by Tim (Wadhwa-)Brown
2019 Data Breach Investigations Report, by Alex Pinto

As a team, Cisco's CX EMEAR Security Architecture team sees an awful lot of customer sites and systems where logging is either unconfigured or configured in an inappropriate fashion.

In our experience, we find issues relating to this in over 50% of assessment engagements, a figure which climbs still further for engagements where we're asked to actively deliver our incident response capabilities. It's not often talked about, but effective logging is a key control, both to give the blue team visibility of the network they're defending and to enable accurate analysis in the event of an incident. This talk will cover:

  • Why logging goes wrong
  • How to start to plan your logging requirements
  • Case studies
  • Where to go next


Guest Presenter:

Tim (Wadhwa-) Brown

Tim (Wadhwa-) Brown joined Cisco as part of their acquisition of Portcullis, for whom he worked for almost 12 years. He is equally happy performing white box assessments with access to source code or, where necessary, diving into proprietary binaries and protocols using reverse engineering methodologies. Tim has contributed to a number of Cisco's bespoke methodologies covering subjects as diverse as secure development, host hardening, risk and compliance, ERP and SCADA. In 2016-2017, Tim looked at targets as varied as Active Directory, z/OS mainframes, power stations, cars, banking middleware and enterprise SAP landscapes. Outside of the customer-driven realm of information assurance, Tim is also a prolific researcher with papers on UNIX, KDE, Vista and web application security to his name.

Sponsor Presenter:

Alex Pinto

Alex Pinto is a Distinguished Engineer of the Security Solutions Group at Verizon Enterprise Services, currently managing the Verizon Security Research team, which is responsible for the Verizon Data Breach Investigations Report (DBIR).

Alex has over 20 years of experience in building security solutions and products, and the last 6 years have been dedicated to the application of machine learning in cybersecurity detection and threat hunting activities.
