Without strong logging mechanisms, an organization is truly in the dark before, during, and after any incident. Attacks on sophisticated systems are often carried out over months or even years. Would your organization be able to detect and block a slow, patient probe of that kind? If a motivated adversary can pick apart an application for that length of time and remain undetected, there is a high chance that an actual exploit will follow. The following steps are vital to prevent such a scenario:
- Establish an incident response plan and rehearse it at regular intervals
- Trigger alerts within an adequate time frame
- Take active, automated actions in response to those alerts
Although building a secure logging and monitoring program is no easy task, it is an imperative part of any application architecture, and it will make all the difference in detecting and blocking a sophisticated attack by a motivated, determined adversary.
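As an added example (not part of the original text), the following Python sketch shows why alert windows must match the adversary's timescale: it runs a long-window detection over constructed log lines in a hypothetical `timestamp client status path` format, flags a client that probes sensitive paths a few times a month, and hands the result to a placeholder automated response.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <client> <HTTP status> <path>".
# The first client probes six sensitive paths over two months, a few per month,
# which a per-minute rate alert would never see. The second is a normal visitor.
SAMPLE_LOG = """\
2024-01-03T10:00:00 203.0.113.7 404 /admin
2024-01-05T09:00:00 198.51.100.4 200 /index.html
2024-01-05T09:00:01 198.51.100.4 404 /favicon.ico
2024-01-10T02:15:00 203.0.113.7 403 /.git/config
2024-01-21T23:40:00 203.0.113.7 404 /backup.zip
2024-02-02T04:05:00 203.0.113.7 404 /wp-login.php
2024-02-19T11:30:00 203.0.113.7 403 /.env
2024-03-01T08:00:00 203.0.113.7 404 /api/v1/debug
"""

def parse_log(text):
    """Parse the constructed format into (timestamp, client, status, path) tuples."""
    events = []
    for line in text.splitlines():
        ts, client, status, path = line.split()
        events.append((datetime.fromisoformat(ts), client, int(status), path))
    return sorted(events)          # time order is required by the sliding window

def find_slow_probes(events, window_days=90, min_paths=5):
    """Alert on any client that receives 4xx responses for at least `min_paths`
    distinct paths within a sliding window of `window_days`. A window measured in
    months catches low-and-slow reconnaissance that short windows miss."""
    window = timedelta(days=window_days)
    failures = defaultdict(list)   # client -> [(timestamp, path)] in time order
    for ts, client, status, path in events:
        if 400 <= status < 500:
            failures[client].append((ts, path))
    alerts = {}
    for client, hits in failures.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:   # drop hits older than window
                start += 1
            paths = {p for _, p in hits[start:end + 1]}
            if len(paths) >= min_paths and client not in alerts:
                # record the moment the threshold is first crossed, i.e. when the alert fires
                alerts[client] = {"first_seen": hits[start][0], "last_seen": hits[end][0],
                                  "distinct_paths": len(paths)}
    return alerts

def automated_response(alerts):
    """Placeholder automated action: the clients to push to a block list."""
    return sorted(alerts)

if __name__ == "__main__":
    found = find_slow_probes(parse_log(SAMPLE_LOG))
    for client, info in found.items():
        print(f"ALERT {client}: {info['distinct_paths']} probed paths between "
              f"{info['first_seen']:%Y-%m-%d} and {info['last_seen']:%Y-%m-%d}")
    print("block:", automated_response(found))
```

With the default 90-day window the probing client is flagged at its fifth distinct failed path; with a 7-day window the same log produces no alert at all.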