Anthony M. Freed

Location: Oregon, USA
Birthday: February 17
Title: Senior Editor of Publications
Company: Norse Corporation
Bio:
Anthony M. Freed is the Senior Editor of Publications for Norse Corporation, and is also the Communications Advisor for the Cyber Security Forum Initiative, which provides Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training to assist the US Government, US Military, Commercial Interests, and International Partners. Norse is the leading innovator of live dark intelligence and adaptive security solutions that enable the proactive defense, rapid detection, risk-based response, and faster resolution of advanced cyberattacks. Norse's live dark intelligence platform continuously analyzes high-risk network traffic from the global Internet's darknets and the deep web, to proactively identify the sources, characteristics, and risk-levels of cyberattacks. Learn more at www.norse-corp.com or follow us @NorseCorp on Twitter. Anthony is an infosec journalist who authored numerous feature articles, interviews and investigative reports which have been sourced and cited by dozens of major media outlets, including The New York Times, Reuters, The Register, Financial Times of London, MSNBC, Fox News, PC/IT/Computer/Tech World, eWeek, SC Magazine, CSO Magazine, Federal News Radio, The Herald-Tribune, Naked Security, and many more. Anthony previously wrote about the finance industry before moving into the information security field, and received notoriety as a financial freelance journalist, including having numerous articles published by leading media syndicates such as The Chicago Sun-Times, Business Week’s Business Exchange, Seeking Alpha, InvestorCentric, OpenSalon, Bear Market Investments, Alacra Pulse, ML-Implode, and dozens more. Anthony also previously worked as a consultant to senior members of product development, secondary and capital markets from the largest financial institutions in the country, and he had a front row seat to the bursting of the credit bubble.

AUGUST 16, 2010 3:32AM

How to Do Application Logging Right


Just wanted to highlight another useful resource on logging: “How to Do Application Logging Right” by Gunnar Peterson and myself.

Following on our previous IEEE paper (here [PDF]), we explored application logging from a developer's perspective. As Gunnar already pointed out, “audit logs are one of the quick, dirty and cheap things that can improve enterprise security.”

Here is a fun excerpt:

“Organizations have finally gotten network device logging and—to some extent—server logging under control. However, after getting used to neat Cisco Adaptive Security Appliance or other firewall logs and Linux “password accepted” messages, security incident investigators trying to respond to the next wave of attacks have been thrust into the horrific world of application logging.”

and

“We can start by establishing criteria for good security audit logs (which we just call “logs” from now on). […] On the basis of the six Ws, the following list [see paper] provides a starting point for what to include [in each application log message]”

and

“Software architects and developers must “get” logging; there’s no other way. This is because infrastructure logging from network devices and operating systems won’t cut it for detecting and investigating application-level threats. Security teams will need to guide developers and architects through useful, effective logging.”

Grab the paper here [PDF] and enjoy!

And, Raffy, you owe me another beer for “We thank Raffy Marty of Loggly for his thoughtful review of the draft article.” :-) In fact, I think me using the word “thoughtful” here justifies “beer+2”…

Cross-posted from Security Warrior
