Security Monitoring
Security Monitoring usually means collecting too much logging information in the hope that it brings value when a security incident hits you.
Definition of Security Monitoring
Security monitoring is the process of collecting and analysing indicators of potential security threats and then triaging these threats with the right action.
Keeping up to date with security vulnerabilities involves time-consuming tasks, such as:
Collecting and analysing data to identify changes
Monitoring your network for unusual behaviour
Deciding on the specific types of events or behaviour that require attention
Taking action before cyber threats become a security incident
Generating detailed reports for compliance purposes, for example by logging all access attempts, successful or unsuccessful
Closely related to security monitoring are SIEM solutions. A SIEM (Security Information and Event Management) is a security and auditing system comprising different monitoring and analysis components.
Too often SIEM solutions are offered as a holy grail with artificial intelligence that, once installed, simply protects you from every thinkable security threat. This is never true. Every SIEM solution should be embedded within your security management processes and requires trained specialists who are able to maintain and use it.
You cannot escape from security monitoring. You need it for:
Intrusion detection
File integrity monitoring
Good monitoring solutions will disconnect your network or stop your system from working if anomalies are seen. Of course you must configure the behaviour of such solutions.
Security Monitoring is mostly about expensive and complex tools. Complete solutions combine intrusion detection (IDS), intrusion prevention (IPS) and network security monitoring (NSM). But the human effort required to keep these solutions up and running is crucial for a successful Security by Design strategy. The key is to start simple by monitoring the system logs of your key essential systems.
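As an added example (not part of the original text), the following Python script shows what the "start simple" approach looks like in practice: it collects constructed sshd log lines, produces the compliance view of all access attempts, successful or not, and applies one triage rule that flags a source with repeated failures as an event requiring attention. The sample log lines, the failure threshold and the function names are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample sshd log lines for this example; not taken from a real system.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 host1 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51000 ssh2
Mar  3 10:02:40 host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Mar  3 10:02:41 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Mar  3 10:02:43 host1 sshd[2212]: Failed password for root from 203.0.113.7 port 40024 ssh2
Mar  3 10:02:45 host1 sshd[2213]: Failed password for root from 203.0.113.7 port 40025 ssh2
Mar  3 10:02:47 host1 sshd[2214]: Failed password for root from 203.0.113.7 port 40026 ssh2
Mar  3 10:05:00 host1 sshd[2220]: Failed password for bob from 10.0.0.9 port 51010 ssh2
Mar  3 10:05:10 host1 sshd[2221]: Accepted password for bob from 10.0.0.9 port 51011 ssh2
"""

# Matches the sshd "Accepted ..." / "Failed ..." access lines; everything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

def parse_auth_log(text):
    """Collect: turn each sshd access line into a dict of timestamp, outcome, user, source."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def access_report(events):
    """Compliance view: count every access attempt per user, successful or not."""
    report = defaultdict(lambda: {"Accepted": 0, "Failed": 0})
    for e in events:
        report[e["user"]][e["outcome"]] += 1
    return dict(report)

def find_repeated_failures(events, threshold=5):
    """Triage rule (assumed threshold): a source with >= threshold failures needs attention."""
    failures = Counter(e["src"] for e in events if e["outcome"] == "Failed")
    return {src: n for src, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    print(access_report(evs))
    print(find_repeated_failures(evs))
```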