What is Security Monitoring?
Security monitoring is a practice that involves the appraisal and analysis of data from various sources to find suspicious activity on a network. This type of activity can indicate malicious activities such as criminal attacks or security breaches executed by insiders. Security monitoring considers different factors, including the current status of the network, its vulnerabilities, and the behavior of its users.
Security monitoring process
In its most basic form, security monitoring can be done manually; by individuals with access to information about the security status of a network and anomalous activity. Automation is preferred because it reduces the possibility of lapses in judgment or errors in tasks that need to be performed by hand.
What is a computer security incident?
Computer security incidents include activities that compromise the confidentiality, integrity, or availability of a system and its data. These activities can be intentional, unintentional, or simply anomalous.
The following constitutes examples of security monitoring:
The most straightforward approach is “reactive-security” or “threat-focused” security. In this approach, a security analyst team monitors a network, keeping an eye out for abnormal activity and events that might indicate a threat. When an event is detected, they assess it to determine whether or not it constitutes malicious activity. If it is determined to be a threat, the network administrators are notified to mitigate the event.
Another approach is known as “preventive-security” or “threat-focused” security. In this type of monitoring, a team of analysts looks for abnormalities in usage patterns throughout the network, intending to prevent any possible threats before they have a chance to happen. This strategy seeks to close security holes before they open doors and compromise the system.
Finally, a third approach is known as “detective-security” or “compliance-focused.” In this type of monitoring, teams of analysts look for evidence of activities that might violate regulations or policies put in place by an organization. As with the second, this approach seeks to prevent issues that could put the organization at risk or harm its reputation.
Security monitoring with GhostWatch
GhostWatch enables security teams to perform automated threat monitoring, time-based event correlation and forensic investigation using a single SIEM platform. From new device detection and vulnerability management to regulatory compliance monitoring and log archiving, GhostWatch connects all your tools in one place for unified visibility across the entire enterprise, both on-premise and in the cloud.
Do not hesitate to reach out to learn more about the GhostWatch security monitoring platform.