What Expectations Should I Have of Security Monitoring?

Applies to Product: USM Appliance™ LevelBlue OSSIM®

Security monitoring is largely about watching the things that are easily overlooked, such as host, device, and application vulnerabilities, because those are typically the same things that attackers later leverage when carrying out attacks or attempting unauthorized access to data or resources. A good network security monitoring system discovers things every day that add value to security efforts. USM Appliance can help to locate or identify:

  • Misconfigured systems.
  • Hosts that have fallen off the radar of asset management.
  • Systems compromised by opportunistic malware or other attacks by malicious software.
  • Inappropriate or unauthorized access of sensitive data or resources from both internal and external parties; for example, detecting websites that should be blocked at the proxy server, but were not.
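The last bullet describes a detection check rather than an alert: compare what the proxy actually allowed against what policy says it should have blocked. The following is an added example written for this page, not code from USM Appliance or its documentation. It assumes a Squid-style, whitespace-separated access log (timestamp, elapsed, client, result/status, bytes, method, URL, ...), and the blocklist, hostnames and log lines are constructed sample values.

```python
"""Find proxy requests that were allowed but matched a domain the policy says to block.

The log layout is assumed to be Squid-style (whitespace-separated fields).
All domains, addresses and log lines below are constructed sample data.
"""
from dataclasses import dataclass
from typing import List, Optional, Set
from urllib.parse import urlsplit

# Constructed sample: domains the proxy policy says must be blocked.
BLOCKLIST: Set[str] = {"badsite.example", "tracker.example"}

# Constructed sample access.log lines:
# time elapsed client result/status bytes method url user hierarchy type
SAMPLE_LOG = """\
1700000001.123    45 10.0.0.5 TCP_MISS/200 5120 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1700000002.456    12 10.0.0.7 TCP_DENIED/403 3021 GET http://badsite.example/payload.bin - HIER_NONE/- text/html
1700000003.789    88 10.0.0.9 TCP_MISS/200 8192 GET http://cdn.badsite.example/lib.js - HIER_DIRECT/198.51.100.4 application/javascript
1700000004.012    30 10.0.0.9 TCP_TUNNEL/200 1500 CONNECT tracker.example:443 - HIER_DIRECT/198.51.100.9 -
1700000005.345    20 10.0.0.5 TCP_MISS/200 2048 GET http://notbadsite.example/ - HIER_DIRECT/203.0.113.2 text/html
"""


@dataclass
class ProxyEvent:
    timestamp: str
    client: str
    result: str      # e.g. TCP_MISS, TCP_DENIED
    status: int      # HTTP status the proxy returned to the client
    method: str
    url: str
    host: str


def extract_host(url: str) -> str:
    """Return the lower-cased hostname of a logged URL.

    CONNECT requests are logged as "host:port" with no scheme; prefixing "//"
    makes urlsplit treat that as a network location instead of a URL scheme.
    """
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def parse_line(line: str) -> Optional[ProxyEvent]:
    """Parse one access.log line; return None for lines that do not fit the layout."""
    fields = line.split()
    if len(fields) < 7:
        return None
    result, _, status = fields[3].partition("/")
    try:
        status_code = int(status)
    except ValueError:
        return None
    url = fields[6]
    return ProxyEvent(fields[0], fields[2], result, status_code, fields[5], url, extract_host(url))


def is_blocked_domain(host: str, blocklist: Set[str]) -> bool:
    """True if host equals a blocked domain or is a subdomain of one.

    Suffix matching is anchored on a dot so "notbadsite.example" does not
    match "badsite.example".
    """
    return any(host == d or host.endswith("." + d) for d in blocklist)


def find_policy_gaps(log_text: str, blocklist: Set[str]) -> List[ProxyEvent]:
    """Return events the proxy let through although the destination is on the blocklist."""
    gaps: List[ProxyEvent] = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        # Anything the proxy denied (or answered with 4xx/5xx) is working as intended.
        allowed = "DENIED" not in ev.result and ev.status < 400
        if allowed and is_blocked_domain(ev.host, blocklist):
            gaps.append(ev)
    return gaps


if __name__ == "__main__":
    for ev in find_policy_gaps(SAMPLE_LOG, BLOCKLIST):
        print(f"{ev.timestamp} client={ev.client} {ev.method} {ev.host} "
              f"allowed with {ev.result}/{ev.status} but is on the blocklist")
```

Run against the sample, the check reports the two requests from 10.0.0.9 (the GET to a subdomain of badsite.example and the CONNECT tunnel to tracker.example); the denied request and the look-alike domain are correctly ignored. Each reported event is a gap in the proxy's block policy worth reviewing, and in practice the blocklist would be loaded from the same source the proxy is supposed to enforce.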

In most organizations, priorities for network security operations are determined primarily by risk: the value of assets, the potential damage that particular threats pose, and the likelihood that those threats are realized by an actual attack, given specific vulnerabilities or the frequency of attacks. Risk to an organization’s network and its individual components is also often characterized by its impact on the following criteria:

  • Confidentiality — guarantees that information can be seen only by authorized users.
  • Integrity — guarantees that only authorized users can change sensitive data and information.
  • Availability — guarantees uninterrupted access of data, information, and resources by authorized users.

For some organizations, regulatory compliance is also a major factor, because legal and other requirements create their own risks for the organization.