Monitoring IT systems is central to the protection of an organisation. The UK government’s 10 Steps to Cyber Security points out that for monitoring to be successful, it must be comprehensive.
In practice, that means covering the whole estate: networks, servers and desktop computers, together with host intrusion detection systems, intrusion prevention solutions and wireless intrusion detection.
The guide also states that all network traffic, inbound and outbound, needs to be monitored, and that organisations need to be able to generate audit logs that identify unauthorised use and the users responsible.
If the other steps in the guide are already being followed, a significant degree of monitoring will already be taking place.
In the past it was widely held that system monitoring was not a core requirement for operational effectiveness. The dramatic and sustained surge in cyber attacks, together with the threat of insider data leaks, has made that argument redundant. The need to protect sensitive data, whether customer information, financial records or intellectual property, has never been more pressing.
Industrial-scale tracking
For many organisations, monitoring has to take place on an industrial scale, tracking thousands of devices. At its core, monitoring needs to record activity and raise a red flag when anything out of place happens.
There are a number of ways to approach this. We recommend centralised platforms that detect threat activity, as they give the security team the context and insight needed to minimise the potential fall-out.
It’s not just a question of looking out for malware; it’s a question of having full insight into the IT estate and all its component parts. Coverage needs to be comprehensive because some threats are multi-vector advanced persistent threats carried out by external attackers, while others arise from malicious or accidental behaviour by insiders.
A business needs to be able to detect even a partial fragment of sensitive data on a network endpoint with data loss prevention tools, and to guard against data loss in the cloud and on premises.
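The fragment detection described above is usually done by document fingerprinting. The following Python script is an added example, not code from the original article or from any DLP product: it registers a sensitive document as a set of hashed five-word shingles and then scans endpoint files for the same shingles, so a single pasted sentence is still caught. The document text, the file contents and the threshold values are all constructed for the demonstration.

```python
"""Added example (not from the original article): detecting a partial
fragment of a registered sensitive document on an endpoint, the way a DLP
engine's document-fingerprinting feature does.

Sensitive documents are reduced to hashed word k-grams ("shingles"). A file
found on an endpoint is shingled the same way; if enough of its shingles are
present in the registered set, it is flagged even when only one sentence of
the original was pasted into it. All documents below are constructed sample
text and the threshold values are assumed tuning choices.
"""
import hashlib
import re
from dataclasses import dataclass

SHINGLE_WORDS = 5  # words per shingle (assumed tuning value)


def normalise(text: str) -> list[str]:
    """Lower-case and keep only alphanumeric tokens so punctuation and case
    changes do not defeat matching."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingles(text: str, k: int = SHINGLE_WORDS) -> set[str]:
    """Hash every run of k consecutive words. Only hashes are stored, so the
    index itself does not leak the sensitive text."""
    words = normalise(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


@dataclass
class Match:
    doc_id: str
    matched: int   # scanned-file shingles found in the registered document
    scanned: int   # total shingles in the scanned file

    @property
    def coverage(self) -> float:
        """Share of the scanned file that is registered content; useful for
        severity (a pasted paragraph versus a wholesale copy)."""
        return self.matched / self.scanned if self.scanned else 0.0


class FingerprintIndex:
    def __init__(self) -> None:
        self._index: dict[str, set[str]] = {}  # shingle hash -> doc ids

    def register(self, doc_id: str, text: str) -> None:
        for h in shingles(text):
            self._index.setdefault(h, set()).add(doc_id)

    def scan(self, text: str, min_matched: int = 4) -> list[Match]:
        """Return registered documents the text contains a fragment of.
        min_matched=4 with 5-word shingles means roughly eight consecutive
        words must survive, which screens out chance overlaps of short
        phrases (assumed threshold)."""
        file_shingles = shingles(text)
        hits: dict[str, int] = {}
        for h in file_shingles:
            for doc_id in self._index.get(h, ()):
                hits[doc_id] = hits.get(doc_id, 0) + 1
        matches = [
            Match(doc_id, n, len(file_shingles))
            for doc_id, n in hits.items() if n >= min_matched
        ]
        return sorted(matches, key=lambda m: m.coverage, reverse=True)


# Constructed sample data: one registered document and two endpoint files.
SENSITIVE_DOCS = {
    "contract-0042": (
        "The merger with Acme Holdings is scheduled to close on the first of "
        "March and must not be disclosed to any third party before the public "
        "announcement is made by the board."
    ),
}
ENDPOINT_FILES = {
    "draft_email.txt": (
        "Hi Bob, just FYI: the merger with Acme Holdings is scheduled to close "
        "on the first of March, so keep it quiet."
    ),
    "newsletter.txt": (
        "Quarterly newsletter: the cafeteria will offer a new menu starting "
        "next week, and the car park will be resurfaced on Friday."
    ),
}


def build_index() -> FingerprintIndex:
    index = FingerprintIndex()
    for doc_id, text in SENSITIVE_DOCS.items():
        index.register(doc_id, text)
    return index


def scan_endpoint_files() -> dict[str, list[Match]]:
    """Scan every constructed endpoint file against the registered index."""
    index = build_index()
    return {name: index.scan(text) for name, text in ENDPOINT_FILES.items()}


if __name__ == "__main__":
    for name, matches in scan_endpoint_files().items():
        for m in matches:
            print(f"ALERT {name}: fragment of {m.doc_id} "
                  f"({m.matched} shingles, {m.coverage:.0%} of file)")
```

The draft e-mail is flagged because ten of its eighteen shingles belong to the registered contract, while the newsletter shares none. Storing only truncated hashes keeps the index deployable to endpoints without shipping the sensitive text itself; in a real deployment the shingle length and the match threshold are tuned against the organisation's own false-positive rate.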
Detailed analytics help you understand what normal behaviour looks like for the organisation, and highlight when something or someone deviates from that norm.
Preconfigured policies are also important: they allow you to get up and running quickly and, more importantly, effectively. The importance of monitoring data and human behaviour can’t be overstated, because it gives you an early warning system that flags up when something is amiss.
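To make the "normal versus deviation" idea concrete, here is an added Python example that is not part of the original article: it learns a per-user baseline (working hours, source networks and outbound data volume) from a training window of activity records, then scores later records against it. The key=value log format, the field names, the /24 source grouping and the thresholds are assumptions made for the demonstration, and every log line is constructed.

```python
"""Added example (not from the original article): building a per-user
behavioural baseline from historic activity records and flagging later
records that deviate from it. Log format, field names and thresholds are
assumptions for the demonstration; every log line is constructed.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

LINE_RE = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict:
    """Parse a 'key=value' record. 'ts' becomes a datetime, 'bytes_out' an int."""
    rec = dict(LINE_RE.findall(line))
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc)
    rec["bytes_out"] = int(rec["bytes_out"])
    return rec


def subnet(ip: str) -> str:
    """Group IPv4 sources by /24 (simplification for the example)."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


def robust_z(x: float, samples: list) -> float:
    """Robust z-score using median and MAD, so a few extreme training values
    do not stretch the baseline the way mean/stdev would."""
    med = statistics.median(samples)
    mad = statistics.median(abs(s - med) for s in samples)
    if mad == 0:  # degenerate baseline: any change at all is anomalous
        return 0.0 if x == med else float("inf")
    return 0.6745 * (x - med) / mad


class Baseline:
    def __init__(self, min_events: int = 5, z_threshold: float = 3.5) -> None:
        self.min_events = min_events       # assumed minimum history per user
        self.z_threshold = z_threshold     # assumed outlier threshold
        self.hours = defaultdict(set)      # user -> hours of day seen
        self.sources = defaultdict(set)    # user -> /24 networks seen
        self.volumes = defaultdict(list)   # user -> bytes_out samples

    def learn(self, rec: dict) -> None:
        u = rec["user"]
        self.hours[u].add(rec["ts"].hour)
        self.sources[u].add(subnet(rec["src"]))
        self.volumes[u].append(rec["bytes_out"])

    def score(self, rec: dict) -> list[str]:
        """Return the reasons a record deviates from the user's baseline
        (empty list means it looks normal)."""
        u = rec["user"]
        vols = self.volumes.get(u, [])
        if len(vols) < self.min_events:
            return ["insufficient_baseline"]
        reasons = []
        if rec["ts"].hour not in self.hours[u]:
            reasons.append(f"unusual_hour:{rec['ts'].hour:02d}")
        if subnet(rec["src"]) not in self.sources[u]:
            reasons.append(f"new_source:{subnet(rec['src'])}")
        z = robust_z(rec["bytes_out"], vols)
        if z > self.z_threshold:
            reasons.append(f"volume_outlier:z={z:.1f}")
        return reasons


def evaluate(training: list[str], events: list[str],
             min_events: int = 5) -> dict[str, list[str]]:
    """Learn from the training lines, then score each event line."""
    baseline = Baseline(min_events)
    for line in training:
        baseline.learn(parse(line))
    return {line: baseline.score(parse(line)) for line in events}


# Constructed training window: alice has a week of ordinary activity,
# bob has only two records.
TRAINING_LOG = [
    "ts=2024-03-01T08:42:10Z user=alice src=10.0.1.23 bytes_out=52000000",
    "ts=2024-03-04T09:03:55Z user=alice src=10.0.1.23 bytes_out=61000000",
    "ts=2024-03-05T09:15:02Z user=alice src=10.0.1.31 bytes_out=48000000",
    "ts=2024-03-06T10:01:47Z user=alice src=10.0.1.23 bytes_out=70000000",
    "ts=2024-03-07T08:58:19Z user=alice src=10.0.1.23 bytes_out=55000000",
    "ts=2024-03-08T09:21:33Z user=alice src=10.0.1.31 bytes_out=64000000",
    "ts=2024-03-11T10:12:08Z user=alice src=10.0.1.23 bytes_out=58000000",
    "ts=2024-03-07T09:30:00Z user=bob src=10.0.2.9 bytes_out=40000000",
    "ts=2024-03-08T09:45:12Z user=bob src=10.0.2.9 bytes_out=43000000",
]
# Constructed new events: a 03:17 session from an external network moving
# 4.2 GB, a normal alice session, and a bob session with too little history.
NEW_EVENTS = [
    "ts=2024-03-12T03:17:44Z user=alice src=203.0.113.7 bytes_out=4200000000",
    "ts=2024-03-12T09:05:10Z user=alice src=10.0.1.40 bytes_out=59000000",
    "ts=2024-03-12T09:05:10Z user=bob src=10.0.2.9 bytes_out=90000000",
]

if __name__ == "__main__":
    for line, reasons in evaluate(TRAINING_LOG, NEW_EVENTS).items():
        print(("ALERT " if reasons else "ok    ") + line, reasons)
```

The first event is flagged on all three dimensions, the second produces no reasons, and bob's record is reported as having insufficient history rather than being silently scored against two samples. That last case is the one to watch in practice: a baseline built from too little data either never fires or fires constantly, so a minimum history per entity is as much a part of the policy as the thresholds themselves.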