Building on a securely designed and well-segmented environment, logging and monitoring become far more effective. One thing that certainly makes life harder for pen testers (but doesn’t necessarily hinder them) is when a system has:
- good quality logging and monitoring
- appropriate responses to the alerts or events identified
With both of these in place, you can have fun telling your pen tester whenever you see them popping up and trying things in different parts of your system. A purple team approach (a purple team combines blue teaming and red teaming activities) can help ensure that any vulnerabilities uncovered are understood and remediated.
We can’t stress enough that even the best logging and monitoring capability is useless unless an organisation collects the right data, and responds to that data in the right way. Make sure that alerts are properly investigated, and that incident response plans are built, regularly communicated, and exercised with your teams.
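To make the two points above concrete (collecting the right data, and having a defined response for each alert), here is a small added example in Python. It is not NCSC code and not part of the original guidance: it parses a constructed, simplified SSH-style authentication log, raises alerts when one source address fails repeatedly and then succeeds, counts lines the parser could not read (a gap in log quality is itself worth knowing about), and maps every alert type to a pre-agreed response action. The log format, thresholds and response text are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed, simplified log line shape (constructed for this example):
# "<ISO timestamp> sshd: Failed|Accepted password for <user> from <src>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) sshd: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed sample: a burst of failures from one address, then a success,
# a benign login from another address, and one line the parser cannot read.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 10.0.0.5
2024-05-01T10:00:03 sshd: Failed password for admin from 10.0.0.5
2024-05-01T10:00:05 sshd: Failed password for root from 10.0.0.5
2024-05-01T10:00:07 sshd: Failed password for admin from 10.0.0.5
2024-05-01T10:00:09 sshd: Failed password for backup from 10.0.0.5
2024-05-01T10:00:30 sshd: Accepted password for backup from 10.0.0.5
2024-05-01T10:01:00 sshd: Accepted password for alice from 10.0.0.7
2024-05-01T10:05:00 sshd: Failed password for alice from 10.0.0.7
garbage line that the parser cannot read
"""

# Pre-agreed response per alert type: the alert is only useful if someone
# knows what to do with it (assumed wording, for illustration).
RESPONSE = {
    "brute_force": "rate-limit the source, check targeted accounts for lockout, notify the SOC",
    "success_after_failures": "treat as probable credential compromise: end the session, "
                              "reset the credential, open an incident",
}


def parse(text):
    """Return (events, skipped). Unparsable lines are counted, not silently dropped:
    a rising skip count means the monitoring is losing data it relies on."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if m is None:
            skipped += 1
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events, skipped


def detect(events, threshold=5, window=timedelta(minutes=2)):
    """Two per-source rules over a sliding time window:
    - brute_force: at least `threshold` failures inside `window`
    - success_after_failures: a successful login while failures are still in the window
    """
    alerts = []
    failures = defaultdict(list)   # src -> timestamps of failures still in the window
    already_alerted = set()        # sources with an open brute_force alert
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, now = ev["src"], ev["ts"]
        recent = [t for t in failures[src] if now - t <= window]
        if ev["outcome"] == "Failed":
            recent.append(now)
            failures[src] = recent
            if len(recent) >= threshold and src not in already_alerted:
                already_alerted.add(src)
                alerts.append({"type": "brute_force", "src": src, "user": ev["user"],
                               "ts": now, "failures": len(recent)})
        else:
            if recent:
                alerts.append({"type": "success_after_failures", "src": src,
                               "user": ev["user"], "ts": now, "failures": len(recent)})
            # A success closes the current episode for this source.
            failures[src] = []
            already_alerted.discard(src)
    return alerts


def run(text, **kwargs):
    """Parse, detect, and attach the agreed response to each alert."""
    events, skipped = parse(text)
    alerts = detect(events, **kwargs)
    for alert in alerts:
        alert["action"] = RESPONSE[alert["type"]]
    return {"alerts": alerts, "skipped": skipped, "events": len(events)}


if __name__ == "__main__":
    result = run(SAMPLE_LOG)
    print(f"{result['events']} events parsed, {result['skipped']} lines skipped")
    for alert in result["alerts"]:
        print(f"{alert['ts']} {alert['type']} from {alert['src']} "
              f"(user {alert['user']}, {alert['failures']} recent failures): {alert['action']}")
```

Run on the sample, the first alert fires on the fifth failure from 10.0.0.5 and the second when that same address then logs in successfully; the isolated failure from 10.0.0.7 stays below the threshold. The point of the `skipped` counter and the `RESPONSE` table is the one the text makes: the detection rule is only half the capability, the data feeding it and the action that follows are the other half.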
The NCSC has published extensive guidance on the topics above. If building a system from scratch, be sure to take into account our secure design principles. We also have pointers on how to implement effective logging and monitoring.
