Service-oriented architecture increases technical abilities of attacker to move laterally and maintain multiple pivot points inside of compromised environment. Microservice-based infrastructure brings more challenges for security architects related to internal event visibility and monitoring.
The research paper published by Alexander Barabanov in “Cybersecurity Issues” provides helpful resources to application and product security architects, software, and operation engineers on existing architecture patterns to implement trustworthy logging and audit process in microservice-based environments. We performed threat modeling for typical architecture pattern of logging system, defined threat mitigation strategy, and, as a result, provided bunch of high-level security requirements for audit logging system.
