How Modern Log Intelligence Meets New Cybersecurity Regulations by CERT-In
July 9th, 2022
Cybersecurity Breaches in India in 2022
According to Norton’s Cyber Safety Pulse Report, India faced over 18 million cyber threats in only Q1 2022, roughly 200,000 threats every day. Of the bulk, 60,000 were phishing attempts, and 30,000 were tech support scams. For perspective, phishing attempts around the world during the same period counted for approximately 16 million.
CERT-In also reported over 2.12 lakh (~0.1 million) cybersecurity incidents until February 2022. A report by Cisco said that in 2021, some Indian SMEs lost nearly seven crore rupees (nearly a million USD) in cyberattacks between September 2020-September 2021.
Cyberattacks have been a grim reality of the world, especially since the COVID-19 pandemic, which increased the exposed and vulnerable surface of organizations with remote work and rendered all cybersecurity arrangements within premises useless.
The New Directions by CERT-In
On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In) issued directions per Section 70-B (6) of the IT Act, 2000 about information security procedures, policies, response, prevention and reporting of cybersecurity incidents for Safe & Trusted Internet. These directives heavily expand the scope of obligations in contrast to the Information Technology (The Indian Computer Emergency Response Team and Manner of performing functions and duties) Rules, 2013 (Rules).
The following directions were to come into effect from April 28, 2022. However, after receiving multiple requests from SMEs and service providers, the Ministry of Electronics and IT (MeitY) issued a statement extending the deadline for compliance to September 25, 2022.
- Companies must disclose cybersecurity incidents to CERT-In within 6 hours of discovering or being made aware of them, an aggressive timeframe in contrast to the 48-72-hour window developed countries allow. This means that organizations need a monitoring system in place to identify incidents, an incident response team and a plan to execute.
- All service providers, data centers, corporate and government bodies and intermediaries must synchronize their clocks to NTP servers of NIC.
- The legislation requires companies to provide “information or any other such assistance to CERT-In that may contribute to cyber security mitigation actions and better cyber security situational awareness.”
- Companies are directed to designate a single point of contact for communications with CERT-In. The latter also provided a format in which companies will provide information in the wake of an incident.
- Organizations must keep logs for a rolling period of 180 days and should provide/replay logs when required by regulators. This implies that organizations must assess their log management policies, infrastructure and capabilities, provision secure log storage and enhance log accessibility.
- The notification places virtual assets under the jurisdiction of the Ministry of Finance’s financial regulations and mandates maintaining all information collected as part of Know Your Customer and financial records for five years to ensure cybersecurity in financial markets.
- There are additional obligations for VPN providers, data centers, cloud service providers and VPS service providers.
Needless to say, it’s time for organizations in India and those operating in India to buckle up their compliance and cybersecurity systems.
How Modern Log Intelligence Helps Enterprises
Data and log management lies at the heart of the new directions by CERT-In. To discover and report incidents in a short timeframe and comply with the log management requirements, companies will need modern log intelligence.
Sophisticated log intelligence reduces noise in IT logs and events and enriches the context of logs using AI/ML models and configurable rules using data bots and pipelines.
Here’s what a modern log intelligence solution can do for your organization-
Log reduction, routing, replay
The modern Indian enterprise deals with a data deluge and consequently, expensive storage and archival. Correlation and noise reduction can allow intelligent analytics and cost reduction. When organizations need full-fidelity data, log archival and log replay from particular timestamps for compliance purposes, a modern log intelligence solution can automate the process.
Organizations operating in India from anywhere else will also need to store data in India to comply with CERT-In’s norms. Using log intelligence, data can be routed to multiple destinations- an SIEM, S3/Minio bucket or an analytics solution.
To discover and report incidents within a short timeframe, organizations need to enrich their logs to trim down the noise and unwanted fields and add context to streaming data in real-time. Log enrichment allows an improvement of 60% in MTTR and MTTI metrics, leading to quick discovery and responsiveness to incidents.
Log EdgeAI for IIoT and Predictive Analytics
Modern enterprises utilize edge computing capabilities. They need to optimize log ingestion at the edge and apply NLP to add verbosity to the data. Enterprises want to discover anomalies and patterns in data using logs at the edge or in the cloud.
Modern log intelligence reduces edge-to-cloud costs by 80% with observability pipelines at the edge. Data pipelines boost productivity by over 40% and allow faster response times when incidents occur.
About CfxCloud Log Intelligence
CfxCloud Log Intelligence by CloudFabrix is a sustainable and cost-effective approach to modern log intelligence for enterprise to upgrade their current log management infrastructure as the solution works with the existing tools and doesn’t require you to disrupt current systems.
CfxCloud Log Intelligence integrates with all major log/event collection systems, firewalls, IPS/IDS devices, security devices, SIEM/SOAR/XDR platforms, data lake and analytics systems.
A few differentiators of CloudFabrix’s Log Intelligence are:
- Capabilities around Log enrichment
- Log predictive analytics, AI/ML
- Edge to core capabilities with RDAF
- Holistic deployment models- On-premise, SaaS, Hybrid
- Usability- RDA Studio, Bot Marketplace
- Extensibility- Extensions, roboticdata.ai.
While CfxCloud Log Intelligence can help Indian enterprises comply with the new CERT-In cybersecurity norms, it is a revolutionary way of log management for enterprises worldwide. Learn more about CfxCloud Log Intelligence here.