July 18, 2024 | compliance, security

NIS2 Directive: a strong request for better incident handling

By Jonathan King, Roman Krasnov


Did you know the European Union created a rule called the NIS Directive? This rule was established in 2016 to ensure that all member countries are equally protected against cyber attacks. It’s a step towards making it easier for governments to work together to stop cyber threats. However, the Directive was expected to provide more specific instructions for protecting against attacks and ensuring all countries follow the rule. The rule also requires companies and governments to be better prepared to handle cyber attacks and have a plan in case something goes wrong. It was a crucial step towards ensuring everyone’s safety in the modern digital age.

Introducing NIS2

From January 2023, there’s a new set of guidelines available called the Directive (EU) 2022/2555. These guidelines are enhancing the old ones, and they’re serious business. Member states must create laws that apply to specific organizations and follow particular rules. And they need to do it fast because the deadline for incorporating these guidelines into their laws is October 17th, 2024. It’s crucial to figure out which organizations these guidelines apply to and how to make sure everyone follows the same rules. So if you’re an organization affected by these guidelines, you better get cracking and start following them before it’s too late!

Old and new

The new NIS2 Directive will protect even more sectors and entities and create new ways for Member States to collaborate and stay safe. The NIS2 Directive is also bringing some fresh ideas to the table, like peer reviews and a crisis management structure called EU-CyCLONe. Plus, the European Union Agency for Cybersecurity (ENISA) is getting new responsibilities, such as creating a registry of vulnerabilities and publishing an annual report on cybersecurity in the EU. It’s exciting to see the EU taking proactive steps to secure everyone’s digital lives!

The key requirements of the NIS2 Directive for Operators of Essential Services (OES) and Operators of Important Services (OIS) include:

  1. Implementing appropriate technical and organizational measures to manage cybersecurity risks

  2. Designating a cybersecurity officer

  3. Conducting regular risk assessments

  4. Reporting serious cybersecurity incidents to their competent national authorities

  5. Cooperating with their federal competent authorities in the event of a cybersecurity incident

Entities identified as critical

Both directives define a list of sectors deemed Critical National Infrastructure (CNI), including:

  • Energy, including electricity, district heating and cooling, oil, gas

  • Transport, including air, rail, water, and road

  • Banking

  • Financial market infrastructures

  • Health

  • Drinking water

  • Wastewater

  • Digital infrastructure

  • ICT service management (business-to-business)

  • Public administration

  • Space

  • Postal and courier services

  • Waste management

  • Manufacture, production, and distribution of chemicals

  • Production, processing, and distribution of food

  • Manufacturing, including medical devices, computers, electronics, optical products, electrical equipment, machinery and equipment, motor vehicles, trailers, semi-trailers, and other transport equipment

  • Critical entities as defined under Directive (EU) 2022/2557

  • and more!

If your organization is part of the Critical National Infrastructure of an EU member state, it’s crucial to have a plan to identify and manage risks to your network and information systems. These plans help prevent or minimize adverse impacts from security incidents. Countries require these organizations to implement measures for a secure network infrastructure. Being prepared for security challenges is crucial.

Complying with NIS2

When complying with NIS2 regulations, companies have room for maneuvering in how they choose to tackle the requirements. However, it’s essential to remember that member states are to direct CNI organizations to bear the responsibility of meeting these standards.

In total, there are seven technical and organizational measures that companies must address or implement to ensure compliance. These measures include:

  • Conducting risk analysis and establishing information system security policies

  • Implementing an incident management framework for prevention, detection, and response to incidents

  • Ensuring business continuity and crisis management

  • Maintaining supply chain security

  • Establishing security measures in network and information systems

  • Developing policies and procedures for cybersecurity risk management measures

  • Using cryptography and encryption

Companies must make sure they’re secure from online threats. There are a few things that can help with this. One is having clear rules about security, another is having a plan for when something goes wrong, and the third is using a system to keep data safe. It’s not something that can be done once and then forgotten. Companies should keep working on these aspects over time to ensure they stay safe.

Breach notifications

Even if a company is taking care of its cybersecurity, it can still be at risk of getting hacked. If an attack does happen, there is a strict guideline they need to follow:

  1. Within 24 hours, report an early warning to a computer security incident response team (CSIRT)

  2. Within 72 hours, report an incident notification that includes initial assessment, severity and IoCs

  3. Within 1 month, share a final report, including detailed information on incident scope, investigation process, remediation strategies and impact

These strict notification rules put serious pressure on log management and security monitoring. A company must be able both to track many critical log events from disparate sources and to extract incident-related information from backup storage quickly enough to meet NIS2 reporting time-frames. If you are subject to NIS2 regulations, ask yourself whether you have such an effective log management pipeline in place, and keep reading to learn how NXLog helps with this.

What types of incidents must be reported?

According to the NIS2 Directive, an incident shall be considered significant and must be reported if any or all of the following are true:

  • The incident has caused or has the potential to cause substantial operational disruption or financial losses for the entity concerned

  • The incident has affected or has the potential to affect other natural or legal persons by causing considerable material or non-material losses

This goes far beyond the reporting obligation under the NIS Directive. Under NIS2, just the presence of a critical vulnerability is sufficient to trigger a reporting obligation.

Violations of the directive

The NIS2 Directive outlines the penalties organizations can face if they violate it. These penalties include:

  • Administrative fines: The maximum administrative penalty imposed on an organization for violating the NIS2 Directive is €10 million or 2% of the organization’s global turnover, whichever is higher.

  • Criminal penalties: Individuals found to have intentionally or recklessly violated the NIS2 Directive can be subject to criminal penalties, including imprisonment.

  • Civil penalties: If an organization breaks the NIS2 Directive, individuals or other organizations harmed as a result can take legal action against it.

If a company breaks the NIS2 Directive, its punishment will depend on how severe the violation is. For example, if people in the company don’t notify the team in charge of cybersecurity about a security issue, they might get a lighter fine than if they didn’t set up proper security measures. The NIS2 Directive says that companies should get a chance to prove they followed the rules before they get punished. This means that if a company follows the rules, it can reduce or avoid the punishment it gets.

How NXLog helps

Log collection is a key part of any modern cybersecurity program compatible with the NIS2 Directive. Proper log collection enables core security processes like monitoring, incident response, and reporting in time.

NXLog helps organizations stay compliant by providing a centralized security observability solution. With NXLog, you can build a robust log collection architecture and analyze logs across disparate systems to boost threat detection, minimize response time, and ensure you always stay compliant with regulations:

Enable audit log centralization with nothing missed

NXLog supports all popular and advanced log data collection methods. It seamlessly integrates with various data sources, including databases, network appliances, SIEM, and APM systems to ensure a compliant log management process.

Simplify processes with unified log collection infrastructure

NXLog allows an organization to define a unified log collection mechanism across an entire infrastructure, including system and operational components. Unified log collection helps design comprehensive technical solutions and simplify routines and policies that must be documented and communicated to staff.

Keep data safe while in transfer

Log data may include sensitive information. To make transfers secure, NXLog provides TLS/SSL encryption support to prevent data in transit from being viewed or modified by a malicious actor.

Enforce audit log & system file monitoring against unauthorized changes

NXLog provides a File Integrity Monitoring (FIM) module that detects when files are changed and promptly triggers a security event. This helps to protect both critical system files and retained logs from unauthorized tampering.

Enable cost-efficient audit log retention

Nowadays, IT systems generate tons of logs and audit trails. All that data has to be available for real-time analysis and also capable of being quickly re-hydrated from long-term storage for faster response in the case of a security event. NXLog provides log filtration, flexible retention, and routing mechanisms, creating a robust and cost-efficient retention process.

Conclusion

In 2016, the aim of the NIS Directive was to level up security efforts and help critical infrastructure organizations improve their cyber security. However, some parts of the Directive weren’t prominent and needed more guidance on managing cyber risks. People were also worried that member states weren’t doing enough to follow the Directive. The NIS Directive also emphasized the need for companies and member states to be better prepared for cyber-attacks and have plans to deal with them. The NIS2 Directive was introduced to address these concerns to help certain entities improve their cyber security measures.

NXLog Platform is an on-premises solution for centralized log management with versatile processing forming the backbone of security monitoring.

With our industry-leading expertise in log collection and agent management, we comprehensively address your security log-related tasks, including collection, parsing, processing, enrichment, storage, management, and analytics.
