Summary: Detect

Get a recap of how monitoring and detection have been discussed in this chapter.

Overview

This chapter provided us with a good overview of building the capability to detect and protect against different types of attacks.

Mitigation

Mitigation involves using a combination of detective and protection controls placed at strategic locations throughout the network and the internet-facing perimeter.

Keep an inventory of assets

Creating a comprehensive inventory of all the assets on the network helps ensure that vulnerability scans are thorough, and that the security team can quickly get detailed information about any asset that requires investigation or removal from the network.

Cyber intelligence

Cyber intelligence can provide information about attackers and the attacks they launch, though it can have varying quality and a limited shelf life.

Maturity levels of the items covered

The maturity level assigned to each item represents the level of maturity an organization’s security team (SOC) should be at to implement the respective security control effectively. It’s recommended to pursue these security controls according to what’s appropriate for the organization and in the order of their maturity levels. The order of the items for each level doesn’t represent their importance or the order in which they should be pursued.

Level 1

  • Alerts

  • Reporting

Level 2

  • SIEM

  • Data loss prevention

  • Vulnerability scanning

  • Cyber intelligence

Level 3

  • DNS query monitoring

  • Anonymizer network monitoring

  • Honeypots


Get hands-on with 1400+ tech skills courses.