Summary: Detect
Get a recap of how monitoring and detection have been discussed in this chapter.
Overview
This chapter provided us with a good overview of building the capability to detect and protect against different types of attacks.
Mitigation
Mitigation involves using a combination of detective and protection controls placed at strategic locations throughout the network and the internet-facing perimeter.
Keep an inventory of assets
Creating a comprehensive inventory of all the assets on the network helps ensure that vulnerability scans are thorough, and that the security team can quickly get detailed information about any asset that requires investigation or removal from the network.
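As an added illustration of the point above (example code, not from the course), the script below reconciles an asset inventory against the hosts a vulnerability scan actually reached, so that inventory assets the scan missed and unknown hosts the scan found both surface immediately, and an analyst can pull owner and criticality for any host under investigation. All hosts, owners and counts are constructed sample data.

```python
# Added example (not from the course): reconcile an asset inventory against
# the hosts a vulnerability scan actually reached, so gaps in scan coverage
# and unknown devices on the network surface immediately.
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    ip: str
    hostname: str
    owner: str          # team that can answer questions or pull the host
    criticality: str    # "high" / "medium" / "low"

# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    Asset("10.0.1.10", "web-01", "platform", "high"),
    Asset("10.0.1.11", "web-02", "platform", "high"),
    Asset("10.0.2.20", "db-01", "data", "high"),
    Asset("10.0.3.30", "printer-3f", "facilities", "low"),
]

# Constructed sample scan output: hosts the scanner reached -> finding count.
SCAN_RESULTS = {
    "10.0.1.10": 2,
    "10.0.2.20": 5,
    "10.0.9.99": 1,   # not in inventory: unknown device on the network
}

def reconcile(inventory, scan_results):
    """Return (inventory assets the scan missed, scanned hosts not in inventory)."""
    by_ip = {a.ip: a for a in inventory}
    unscanned = [a for ip, a in by_ip.items() if ip not in scan_results]
    unknown = sorted(ip for ip in scan_results if ip not in by_ip)
    # Order coverage gaps so high-criticality assets are looked at first.
    rank = {"high": 0, "medium": 1, "low": 2}
    unscanned.sort(key=lambda a: (rank[a.criticality], a.hostname))
    return unscanned, unknown

def lookup(inventory, ip):
    """Detail for the analyst: who owns this host and how important it is."""
    return next((a for a in inventory if a.ip == ip), None)

if __name__ == "__main__":
    gaps, unknown = reconcile(INVENTORY, SCAN_RESULTS)
    for a in gaps:
        print(f"NOT SCANNED  {a.ip:<12} {a.hostname:<12} owner={a.owner} crit={a.criticality}")
    for ip in unknown:
        print(f"UNKNOWN HOST {ip:<12} add to inventory or investigate")
```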
Cyber intelligence
Cyber intelligence can provide information about attackers and the attacks they launch, though it can have varying quality and a limited shelf life.
Maturity levels of the items covered
The maturity level assigned to each item represents the level of maturity an organization’s security operations team (SOC) should have reached to implement the respective security control effectively. It’s recommended to pursue these security controls according to what’s appropriate for the organization and in the order of their maturity levels. Within a level, the order of the items doesn’t represent their importance or the order in which they should be pursued.
Level 1
- Alerts
- Reporting
Level 2
- SIEM
- Data loss prevention
- Vulnerability scanning
- Cyber intelligence
Level 3
- DNS query monitoring
- Anonymizer network monitoring
- Honeypots