NSM Theory Deekshi
Security monitoring
Security monitoring, sometimes referred to as "security information monitoring
(SIM)" or "security event monitoring (SEM)," involves collecting and analyzing
information to detect suspicious behavior or unauthorized system changes on
your network, defining which types of behavior should trigger alerts, and taking
action on alerts as needed.
Moreover, you can use the software to generate automatic security alerts and
reports, enabling you to quickly respond to any suspicious activity and take
appropriate remedial actions.
A network monitoring tool can alert you by a short messaging system (SMS) or
email when it detects any problem with availability, performance, or
configuration.
Network payload
Network protocols
Client-server communications
Traffic patterns
Encrypted traffic sessions
Traffic flow
IT teams can then investigate the reported activities and take appropriate
corrective measures.
For example, you cannot achieve high throughput if an attacker floods the
network with malware that takes advantage of network configurations, leaving
your network vulnerable to exploits.
For these reasons, it’s typical to have network administrators work directly with
security teams to perform several tasks and correlate results.
Most attackers seem to seek out easy targets that have unprotected systems or
don’t watch their networks closely enough. Network security monitoring can
help you reduce the response time if a hacker tries to intrude.
Without an effective security monitoring solution, it can take months for you to
discover that your company has been hacked.
Some attacks are easy to detect in the network, while others are elusive. For
example, a blatant ransomware attack could lock up the entire PC, displaying
only the ransom note. On the other hand, bandwidth hijacking and botnets
are far more challenging to detect.
An effective network security monitoring solution can help you keep an eye on
any abnormal pattern, such as bandwidth hijacking and distributed denial-of-
service (DDoS) attacks.
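The kind of alert rule described above, as an added example that is not part of the original notes: two simple detections over flow records, one for a host whose outbound volume jumps far above its own baseline (as bandwidth hijacking can cause) and one for many distinct sources converging on a single destination (a DDoS pattern). The flow records, addresses, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def build_sample_flows():
    """Constructed flow records (minute, src, dst, bytes); not real traffic."""
    flows = []
    for minute in range(6):
        # Workstation 10.0.0.5: steady 2 MB/min, then a jump at minute 5.
        spike = 40_000_000 if minute == 5 else 2_000_000
        flows.append((minute, "10.0.0.5", "198.51.100.7", spike))
        # Workstation 10.0.0.9: steady all the way through.
        flows.append((minute, "10.0.0.9", "198.51.100.7", 1_500_000))
    # Minute 5: 60 distinct external sources hit one internal server.
    for i in range(60):
        flows.append((5, f"203.0.113.{i + 1}", "10.0.0.80", 50_000))
    return flows

def detect(flows, volume_factor=5, min_history=3, fan_in_limit=50):
    """Return a sorted list of (minute, rule, host) alerts."""
    sent = defaultdict(lambda: defaultdict(int))   # src -> minute -> bytes
    sources = defaultdict(set)                     # (minute, dst) -> {src}
    for minute, src, dst, nbytes in flows:
        sent[src][minute] += nbytes
        sources[(minute, dst)].add(src)

    alerts = []
    # Rule 1: a host sends far more than the median of its own earlier minutes.
    for src, per_minute in sent.items():
        for minute in sorted(per_minute):
            history = [b for m, b in per_minute.items() if m < minute]
            if (len(history) >= min_history
                    and per_minute[minute] > volume_factor * median(history)):
                alerts.append((minute, "volume_spike", src))
    # Rule 2: one destination is contacted by many distinct sources at once.
    for (minute, dst), srcs in sources.items():
        if len(srcs) > fan_in_limit:
            alerts.append((minute, "fan_in", dst))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(build_sample_flows()):
        print(alert)
```

Rule 1 needs a few minutes of history per host before it can fire, so a host seen for the first time is never flagged on volume alone.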
IT teams can enable the right level of access to corporate resources based on
device, user profiles, network, or even location, for every employee, partner, or
contractor.
Users of security monitoring may rest assured that their data is secure and
well protected, and the credit goes to the competency of network security. The
area does have a few drawbacks, though none serious enough to outweigh its
benefits. Let us look at a few disadvantages of network security.
Expensive Set-Up
We're not talking about a single computer here, but rather a network of
computers that can store vast amounts of data. Since security is so important, it
will undoubtedly cost more. It must not be overlooked at any cost.
Time Consuming
It also necessitates the use of numbers, special characters, and letters in the
passwords. The user may have to try a number of example passwords before
settling on one, which can take a long time.
Unscrupulous administration
When the best software is deployed and put in place and all of the necessary
tasks have been completed, it is natural for the administrator to become careless
at times. It is his responsibility to review the logs on a frequent basis in order to
keep an eye on the malicious users.
But there are instances when he simply trusts the system, and this is when the
attack occurs. Consequently, it is critical that the administrator be watchful at all
times.
Conclusion
Security monitoring operation within their organization. I used the open source
SO suite to show how to put NSM to work in a rapid and cost-effective manner.
This final section of the book shows several other options for NSM and related
operations. My goal is to show how NSM applies to other areas of digital
defense and how I think NSM will adapt to increasingly complex information
processing requirements.