Security monitoring is often about monitoring often-overlooked things such as host, device, and application vulnerabilities, because those are typically the same things that attackers will leverage against you later in carrying out attacks or attempting unauthorized access to data or resources. A good network security monitoring system discovers things every day that provide value to security efforts. USM Anywhere can help to locate or identify:
- Misconfigured systems.
- Hosts that have fallen off the radar of asset management.
- Systems compromised by opportunistic malware or other attacks by malicious software.
- Inappropriate or unauthorized access of sensitive data or resources from both internal and external parties; for example, detecting websites that should be blocked at the proxy server, but were not.
USM Anywhere priorities for network security operations are determined primarily by correlation rules. A correlation rule correlates incoming events based on previously defined relationships in the correlation directive, associating multiple events, of the same or different event types, from the same data source. The rules link events together into meaningful bundles and turn data into useful information. Correlation is a function of USM Anywhere, which configures automated analysis of correlated events for identifying potential security threats and produces alerts to notify recipients of immediate issues. You can also create orchestration and suppression rules to secure your network security operations.
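The sketch below is an added example, not USM Anywhere rule syntax or code from the product. It shows how a correlation rule can bundle events of different types from the same data source into one alert, and how a suppression rule drops known-benign events first. The event fields, the rule name, the threshold and the time window are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events: (seconds, data source, event type, user).
RAW = [
    (0, "vpn-gw", "login_failure", "alice"), (20, "vpn-gw", "login_failure", "alice"),
    (40, "vpn-gw", "login_failure", "alice"), (60, "vpn-gw", "login_success", "alice"),
    # carol: only two failures on vpn-gw; the third is on a different data source.
    (65, "vpn-gw", "login_failure", "carol"), (70, "mail-01", "login_failure", "carol"),
    (75, "vpn-gw", "login_failure", "carol"), (90, "vpn-gw", "login_success", "carol"),
    # svc-scan: a hypothetical scanner account that fails logins by design.
    (100, "vpn-gw", "login_failure", "svc-scan"), (110, "vpn-gw", "login_failure", "svc-scan"),
    (120, "vpn-gw", "login_failure", "svc-scan"), (130, "vpn-gw", "login_success", "svc-scan"),
]
EVENTS = [dict(zip(("ts", "source", "type", "user"), row)) for row in RAW]


def suppressed(event, rules):
    """A suppression rule is a dict of field/value pairs that must all match."""
    return any(all(event.get(k) == v for k, v in rule.items()) for rule in rules)


def correlate(events, window=300, threshold=3, suppress=()):
    """Alert when >= threshold login failures are followed by a success
    for the same user on the same data source within `window` seconds."""
    alerts = []
    failures = defaultdict(list)  # (source, user) -> failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        if suppressed(ev, suppress):
            continue  # dropped before correlation, so it can never raise an alert
        key = (ev["source"], ev["user"])
        if ev["type"] == "login_failure":
            failures[key].append(ev["ts"])
        elif ev["type"] == "login_success":
            recent = [t for t in failures[key] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "failures_then_success", "source": ev["source"],
                               "user": ev["user"], "events": len(recent) + 1})
            failures[key].clear()  # a success ends the current bundle
    return alerts


if __name__ == "__main__":
    print(correlate(EVENTS))
    print(correlate(EVENTS, suppress=[{"user": "svc-scan"}]))
```

Without suppression, the alice and svc-scan bundles both alert. carol does not, because her third failure came from a different data source.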