Modernize Log Management with the Maturity Model for Event Log Management (M-21-31) Solution

Thursday, March 31, 2022 | 08:00AM – 9:00AM (PST, Redmond Time)

Microsoft Sentinel Webinar | Modernize Log Management with the Maturity Model for Event Log Management (M-21-31) Solution

Presenter: TJ Banasik & Lili Davoudian

Managing the unknown unknowns is a continual challenge for security operations teams. How do you know when you have a monitoring blind spot, and will the threat find it before you do? Security teams must monitor and measure log health, coverage, and maturity. Too often, security teams discover these blind spots only after an attack occurs, and investigating security incidents without logs presents significant challenges. Log sources feeding primary SecOps monitoring use cases must have equal or better Service Level Agreements (SLAs) than the use cases they support. For example, a ransomware monitoring use case with a 15-minute response SLA must be fed by log sources whose health SLA is equal or better, since a mismatch between the two will significantly delay response.

Equally important is coverage across the organization’s portfolio. Understanding log coverage across cloud, multi-cloud, and hybrid networks is challenging: environments change dynamically, and monitoring teams require known baselines of coverage. A SecOps team cannot monitor what it cannot see. If a Security Operations Center has only 85% coverage of endpoints, the remaining assets become the blind spot.

The third dynamic is measuring the maturity of log management. Understanding maturity requires a repeatable framework for evaluating current posture, together with granular steps to mature the model for greater coverage and visibility. Recently, the US Government released M-21-31, which requires federal agencies to mature their event log management capabilities to improve the ability to investigate and respond to cloud security attacks. This initiative guides federal agencies in understanding event log management and is broken into four tiers of maturity. We are announcing the Microsoft Sentinel: Maturity Model for Event Log Management (M-21-31) Solution. This solution consists of one workbook, eight analytics rules, four hunting queries, and three playbooks.

To ensure you hear about future Microsoft Sentinel webinars and other developments, make sure you join our community by going to https://aka.ms/SecurityCommunity

#MicrosoftSentinel #LogManagement #MicrosoftSecurity