Known Unknowns: Identify Missing Logs and Demystify M-21-31
M-21-31 is a clear directive for Federal agencies to advance logging capabilities, including log retention and management, “with a focus on ensuring centralized access and visibility for the highest-level enterprise security operations center (SOC) of each agency.”
Managing logs well requires strong observability, and to achieve that an agency first needs visibility. That becomes a problem when security information and event management (SIEM) systems cannot track unknown data on the network.
Listen in on this chat with government leaders from the Department of Homeland Security and the Continuous Diagnostics and Mitigation program, as well as from Defend Integrators, on how they approach this challenge and what they have learned along the way.