Why you need log management and Incident monitoring
The Indian Computer Emergency Response Team (CERT-In) announced mandatory new cyber security guidelines on 28 April 2022 for all service providers, intermediaries, data centres, body corporates and Government organizations. Failure to furnish the required information, or non-compliance with these directions, may invite punitive action under sub-section (7) of section 70B of the IT Act, 2000 and other applicable laws.
180-day log retention
All service providers, intermediaries, data centres, body corporates and Government organizations are mandated to enable logging on all their ICT systems and to maintain those logs securely for a rolling period of 180 days. The logs must be maintained within Indian jurisdiction.
Typical security-relevant data sources
Security infrastructure | Server Infrastructure |
---|---|
Endpoint protection (EDR, AV) | Windows server |
Firewalls | Linux server |
Active Directory | Web server |
Web Proxy | DNS server |
Network IDS / IPS | IaaS |
Authentication | AWS |
DLP solution | Azure |
Network Infrastructure | GCP |
Routers (via syslog server) | |
Switches (via syslog server) | |
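As an added illustration, not part of the original page or of any vendor product, the following Python check verifies whether each log source actually holds an archive for every day of the mandated 180-day rolling window and reports the gaps; the source names, dates and the December outage are constructed sample data.

```python
from datetime import date, timedelta

# Rolling retention window required by the CERT-In directions of 28 April 2022.
RETENTION_DAYS = 180

def daily_range(start, end):
    """Inclusive list of calendar days from start to end."""
    return [start + timedelta(days=i) for i in range((end - start).days + 1)]

def coverage_gaps(held_dates, today, retention_days=RETENTION_DAYS):
    """Days inside the rolling window (today and the preceding retention_days-1
    days) for which no log archive is held, sorted oldest first."""
    window = {today - timedelta(days=i) for i in range(retention_days)}
    return sorted(window - set(held_dates))

def assess(inventory, today, retention_days=RETENTION_DAYS):
    """Per log source: compliant only if every day of the window is covered.
    inventory maps a source name to the dates of the daily archives it holds."""
    report = {}
    for source, held in inventory.items():
        gaps = coverage_gaps(held, today, retention_days)
        report[source] = {
            "compliant": not gaps,
            "missing_days": len(gaps),
            "first_gap": gaps[0].isoformat() if gaps else None,
        }
    return report

# Constructed sample inventory (hypothetical dates, not real systems):
# the firewall has been archived daily since well before the window,
# Active Directory logging was only switched on in September, and the
# DNS server lost three days to a constructed collector outage in December.
TODAY = date(2023, 1, 31)
OUTAGE = set(daily_range(date(2022, 12, 24), date(2022, 12, 26)))
SAMPLE_INVENTORY = {
    "firewall": daily_range(date(2022, 8, 1), TODAY),
    "active_directory": daily_range(date(2022, 9, 1), TODAY),
    "dns_server": [d for d in daily_range(date(2022, 8, 1), TODAY) if d not in OUTAGE],
}

if __name__ == "__main__":
    for source, result in assess(SAMPLE_INVENTORY, TODAY).items():
        status = "OK" if result["compliant"] else "GAP"
        print(f"{source:18s} {status}  missing={result['missing_days']}  first_gap={result['first_gap']}")
```

Run against a real archive inventory, a non-empty gap list is the evidence a reviewer would ask for before signing off on the 180-day requirement.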
6-hour reporting of cybersecurity events
Any service provider, intermediary, data centre, body corporate or Government organization shall mandatorily report the cyber incidents listed in Annexure I to CERT-In within 6 hours of noticing such incidents or being notified of them.
Incidents Mandatory to Report
Types of cyber security incidents mandatorily to be reported |
---|
Targeted scanning/probing of critical networks/systems |
Compromise of critical systems/information |
Unauthorised access of IT systems/data |
Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites etc. |
Attack on servers such as Database, Mail and DNS and network devices such as Routers |
Identity Theft, spoofing and phishing attacks |
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks |
Attacks on Critical infrastructure, SCADA and operational technology systems and Wireless networks |
Attacks on Application such as E-Governance, E-Commerce etc. |
Data Breach |
Data Leak |
Attacks on Internet of Things (IoT) devices and associated systems, networks, software, servers |
Attacks or incidents affecting Digital Payment systems |
Unauthorised access to social media accounts |
Attacks or malicious/suspicious activities affecting Cloud computing systems/servers/software/applications |
Attacks or malicious/suspicious activities affecting systems/servers/networks/software/applications related to Big Data, Block chain, virtual assets, virtual asset exchanges, custodian wallets, Robotics, 3D and 4D Printing, additive manufacturing, Drones |
Attacks or malicious/suspicious activities affecting systems/servers/software/applications related to Artificial Intelligence and Machine Learning |
Our Offerings
Essentials
Log Management
Meet the 180-day rolling logs requirement
· Leverage a Gartner-leading platform, used by 90+ customers of the global Fortune 500
· Take advantage of flexible deployment options (on-premise or SaaS)
· Attractive pricing to fit your budget
· Fast time to value: be compliant in as little as 2-3 weeks
Advanced
Log Management + Security Analytics
Meet the incident monitoring requirement
Everything in Essentials, plus:
· Deploy robust security rules to operate on integrated log data
· Generate alerts and notifications in case of potential incidents
· Leverage powerful dashboarding and querying capabilities for investigation
· Make use of integrated ticketing capabilities for incident management
Premium
Log Management + Security Analytics + IT Operations Analytics (ITOA)
Get maximum ROI on your log management investment
Everything in Advanced, plus:
· Deploy Windows / Linux server monitoring use cases
· Deploy app / web / database server monitoring use cases
· Deploy network device monitoring use cases
· Deploy AWS / Azure / GCP monitoring use cases, and much more