Insufficient Logging And Monitoring

Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident. Attackers rely on the lack of continuous monitoring and timely response to achieve their goals without being detected.

Example

An attacker uses scanning tools to find users who share a common password, and can take over every account that uses it. For all other users, the scan leaves only a single failed login logged. After some days the scan may be repeated with a different password.

Impact

Most successful attacks start with vulnerability probing. Allowing such probes to continue can raise the likelihood of a successful exploit to nearly 100%. Recognizing a breach will most probably take an average of 6 months, which is a lot of time for damage to be done.

Mitigation / Precaution

  • Ensure all login, server-side input validation failures and access control failures are logged with adequate user context to identify suspicious or malicious accounts, and retained long enough to allow delayed forensic analysis.
  • Ensure that logs are generated in a format that can be easily consumed by centralized log management solutions.
  • Establish effective monitoring and alerting so that suspicious activities are detected and responded to in a suitable fashion.
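As an added example (not code from the original article), the Python below performs the kind of correlation the monitoring bullet calls for, over a handful of constructed authentication log lines: it flags a source that fails once against many different accounts inside a short window, which is the pattern the Example section describes and which per-account lockout counters never see. The log format, field names and sample addresses are assumptions.

```python
"""Password-spray detection over constructed auth logs (added example, not the article's code).
Per-account lockouts never fire: each account fails once; the signal is one source fanning
out across many accounts. Hypothetical format: <ISO time> auth <result> user=<u> src=<ip>"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
LINE_RE = re.compile(r"^(\S+) auth (LOGIN_OK|LOGIN_FAIL) user=(\S+) src=(\S+)$")
SAMPLE_LOG = """\
2024-05-01T03:12:09 auth LOGIN_FAIL user=zed src=203.0.113.7
2024-05-01T08:55:40 auth LOGIN_FAIL user=bob src=198.51.100.4
2024-05-01T08:56:10 auth LOGIN_OK user=bob src=198.51.100.4
2024-05-01T09:00:01 auth LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T09:01:02 auth LOGIN_FAIL user=bob src=203.0.113.7
2024-05-01T09:02:03 auth LOGIN_FAIL user=carol src=203.0.113.7
2024-05-01T09:03:04 auth LOGIN_FAIL user=dave src=203.0.113.7
2024-05-01T09:04:05 auth LOGIN_FAIL user=erin src=203.0.113.7
2024-05-01T09:05:06 auth LOGIN_OK user=frank src=203.0.113.7
"""

def parse_events(text):
    """Yield (timestamp, result, user, src); lines not matching LINE_RE are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, result, user, src = m.groups()
            yield datetime.fromisoformat(ts), result, user, src

def detect_spray(text, window=timedelta(minutes=30), min_accounts=5):
    """Return {src: sorted users} for sources whose failed logins touch at least
    min_accounts distinct accounts within some span no longer than window."""
    fails = defaultdict(list)
    for ts, result, user, src in parse_events(text):
        if result == "LOGIN_FAIL":
            fails[src].append((ts, user))
    alerts = {}
    for src, events in fails.items():
        events.sort()
        in_window, left, best = Counter(), 0, set()
        for ts, user in events:  # sliding window over this source's failures
            in_window[user] += 1
            while events[left][0] < ts - window:  # expire failures older than window
                in_window[events[left][1]] -= 1
                if in_window[events[left][1]] == 0:
                    del in_window[events[left][1]]
                left += 1
            if len(in_window) >= min_accounts and len(in_window) > len(best):
                best = set(in_window)
        if best:
            alerts[src] = sorted(best)
    return alerts
```

Sources behind a shared NAT or VPN egress will need a higher threshold or an allow-list, so tune `window` and `min_accounts` against the real login baseline before alerting on this rule.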
