top of page
  • Writer's pictureA&P

Monitoring- Vital for Cyber's Future


We hear about breaches in the news constantly. We all hope we aren't the next ones to be affected. However, the truth is we will likely all be impacted one day or another. Cyber attacks are extremely frequent and all it takes is one mistake for the attackers to compromise our networks and devices. It is not a matter of if but a matter of when. We've discussed in the past the need for a layered defense system. However, one of the layers that deserves particular attention is monitoring.


Monitoring solutions should be designed to detect an attacker in the environment as early as possible. At a minimum admins should be reviewing their system and application logs looking for suspicious activity. However, it can be difficult to pick out things looking manually at logs. That is were a Security information and event management (SIEM) solution comes into play. These solutions gather logs from multiple sources and overlay them to try and find the patterns. As an organizations size increases, it is important to invest in a SIEM solution. It is difficult and not practical to expect admins to spot things by manually checking many different logs. If you are not monitoring you are not likely to know if you have an attacker in your system or not. This allows the attacker to do whatever they want to and with your systems and data for long periods of time. If you do not detect the issues quickly, it will be difficult to restore your system. How many days of backup do you keep?


Recent advances in machine learning have brought exciting advances to monitoring. Machine learning can be used to build behavioral profiles of the users. Then they can flag if a user account is behaving abnormally. This will help start detecting issues earlier on. Its an important and exciting advance to help detect issues early on before they become bigger problems or a full scale cyber attack.

3 views0 comments

Recent Posts

See All

Comentários


bottom of page