If someone were trying to break into your house, you’d have a simple ask: quickly detect the intruder and kick them out before they can steal your valuables. The same principle applies in cybersecurity: if there is a cyber intrusion in your network, you’d want to know before significant damage occurs.
Having access to key logging data is important to quickly mitigating cyber intrusions, like the recently identified incident affecting a federal agency’s Microsoft Exchange Online environment. In that instance, the affected agency used available logging data as an important resource to quickly detect the suspicious activity, enable remediation actions to limit damage, and help Microsoft and our teams at CISA identify and assist other victims.
While vendors can offer wider logging access at specific cloud licensing levels, this approach makes it harder to investigate intrusions. Asking organizations to pay more for necessary logging is a recipe for inadequate visibility into investigating cybersecurity incidents and may allow adversaries to have dangerous levels of success in targeting American organizations.
That’s why we applaud Microsoft’s announcement to make necessary logs identified by CISA and our partners as most critical to identifying cyber-attacks available to customers without additional cost. While we understand it will take time to roll out such a major step, this effort will enhance cyber defense and incident response for every Microsoft customer. As a founding partner in the Joint Cyber Defense Collaborative (JCDC), Microsoft’s decision is also a significant step toward creating a world where technology is safe and secure by design.
CISA and Microsoft have been working for the past several months to identify key logging activities to include in their offerings. And we will continue to advocate for the adoption of Secure by Design principles with all technology manufactures – including the availability of necessary security data and strong default controls – and will continue to work with Microsoft through the JCDC to identify ways to further enhance the security of their products for all customers.
We believe that every organization deserves to have products that are secure by design and come with necessary security data “out of the box.” Microsoft’s announcement today is an important step forward in advancing the security of our communities, companies, and country, recognizing our shared work yet to come.
