With better event logging, attackers do try to live off the land more through normal workflows to stay under the radar. Reduce your attack surface by disabling services when not in use, monitor to establish a baseline, set strict conditional access windows, and try to segment systems as much as possible.
Adversarial cyber techniques are growing stealthier and more sophisticated, which makes it critical to implement an event logging policy that improves your organization’s chances of detecting malicious behavior on your systems. Without a good logging policy in place, Advanced Persistent Threat (APT) actors could be sitting silently on your network for months without being detected. That's because threat actors are increasingly using “living off the land” (LOTL) techniques which are designed to evade detection by appearing benign in nature. Network defenders should read the new guide to event logging from the #FBI, the Australian Cyber Security Centre (ACSC), and other partners to improve their ability to detect LOTL and other threat activity: https://lnkd.in/einH7R6W
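The post's advice to "monitor to establish a baseline" is the core of catching LOTL activity: the binaries involved are legitimate, so the signal is a user or parent process that has never used them before, not the binary itself. The following is an added example, not code from the FBI/ACSC guide or from the post author. It assumes a constructed process-creation log format (`timestamp|host|user|image|parent_image`), builds a per-user and per-parent baseline from a learning window, and then flags LOTL-capable binaries in a later window that fall outside that baseline. The watchlist and both log windows are constructed sample data.

```python
"""Baseline-driven detection of living-off-the-land (LOTL) binary use.

Added example. Log lines and field layout are constructed, not real
telemetry; the assumed layout is  ts|host|user|image|parent_image.
"""

# Constructed learning window: what "normal" tooling looks like per user.
BASELINE_LOG = r"""
2024-06-03T08:01:10|ws01|alice|C:\Windows\System32\svchost.exe|C:\Windows\System32\services.exe
2024-06-03T08:05:22|ws01|alice|C:\Program Files\Office\winword.exe|C:\Windows\explorer.exe
2024-06-03T09:12:45|ws02|bob|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|C:\Windows\explorer.exe
2024-06-03T09:30:01|ws02|bob|C:\Windows\System32\rundll32.exe|C:\Windows\System32\svchost.exe
2024-06-04T08:03:11|ws01|alice|C:\Program Files\Office\outlook.exe|C:\Windows\explorer.exe
"""

# Constructed detection window: a mix of routine activity and deviations.
NEW_LOG = r"""
2024-06-05T14:02:33|ws01|alice|C:\Windows\System32\certutil.exe|C:\Program Files\Office\winword.exe
2024-06-05T14:10:00|ws02|bob|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|C:\Windows\explorer.exe
2024-06-05T14:11:05|ws02|bob|C:\Windows\System32\rundll32.exe|C:\Windows\System32\svchost.exe
2024-06-05T15:20:41|ws01|alice|C:\Windows\System32\mshta.exe|C:\Windows\explorer.exe
2024-06-05T16:00:00|ws01|alice|C:\Program Files\Office\winword.exe|C:\Windows\explorer.exe
"""

# Built-in binaries commonly abused for LOTL; a defender's watchlist (assumed, not from the guide).
LOTL_BINARIES = {
    "certutil.exe", "mshta.exe", "rundll32.exe", "powershell.exe",
    "wmic.exe", "bitsadmin.exe", "regsvr32.exe",
}


def parse_events(text):
    """Parse pipe-delimited lines into dicts, keeping only the basename of each image."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, user, image, parent = line.split("|")
        events.append({
            "ts": ts,
            "host": host,
            "user": user,
            "image": image.rsplit("\\", 1)[-1].lower(),
            "parent": parent.rsplit("\\", 1)[-1].lower(),
        })
    return events


def build_baseline(events):
    """Record which (user, image) and (image, parent) pairs occurred during learning."""
    baseline = {"user_image": set(), "image_parent": set()}
    for e in events:
        baseline["user_image"].add((e["user"], e["image"]))
        baseline["image_parent"].add((e["image"], e["parent"]))
    return baseline


def detect(events, baseline):
    """Alert on watchlisted binaries whose user or parent has no baseline history."""
    alerts = []
    for e in events:
        if e["image"] not in LOTL_BINARIES:
            continue
        reasons = []
        if (e["user"], e["image"]) not in baseline["user_image"]:
            reasons.append("user has no baseline history with this binary")
        if (e["image"], e["parent"]) not in baseline["image_parent"]:
            reasons.append(f"unseen parent process {e['parent']}")
        if reasons:
            alerts.append({**e, "reasons": reasons})
    return alerts


def run_demo():
    """Build the baseline from the learning window and score the detection window."""
    baseline = build_baseline(parse_events(BASELINE_LOG))
    return detect(parse_events(NEW_LOG), baseline)


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a['ts']} {a['host']} {a['user']} {a['image']} <- {a['parent']}: "
              + "; ".join(a["reasons"]))
```

Bob's routine PowerShell and rundll32 use produces nothing because both pairs exist in the baseline; the two alerts come from certutil launched by an Office process and mshta run by a user who has never run it. In practice the learning window should be long enough to cover admin and scheduled-task behaviour, and the baseline should be rebuilt periodically so that it does not silently absorb an intrusion that was already under way when learning started.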