Network Security Monitoring and Analysis
In this article, the authors examine security monitoring and analysis with a focus on network security, noting the areas where host-based monitoring would be more effective. An in-depth treatment of host-based techniques is beyond the scope of this study; however, the best monitoring setups take both areas into account. An initial introduction discusses security monitoring at a high level, the techniques an analyst may use and what an attacker may hope to gain. This is followed by a discussion of the different ways in which an attacker may proceed and an overview of the broad steps they must follow during an attack, along with indicators that can be used to detect each stage, and then by a description of the different types of attacker, their motivations and their skill levels. The main section of the article explores the methods that may be used to detect attacks of varying sophistication, with several worked examples, and highlights some of the shortcomings of network-based monitoring and analysis.
E&T Cyber Security Hub brings together engineers and cyber security specialists to share practical know-how. With content created ‘by engineers, for engineers,’ it provides peer-reviewed technical information, real-world insights, lessons learnt and case studies, as well as tools for networking and knowledge-sharing, profiles of experts and the opportunity for companies to showcase their expertise.