Abstract
Continuous monitoring is at the heart of security operations. After threat intelligence is gathered and vulnerabilities are identified and managed, the organization must detect unwanted activity in the network. Even in the smallest organizations, this is no easy task. The volume of data generated by a single laptop running Windows 10 is substantial: dozens of log entries are generated on startup alone, and a Windows endpoint running Microsoft's Sysmon tool generates tens of thousands of logs in a matter of hours. Add the network traffic generated by a simple HTTP connection, plus the normal broadcast traffic generated internally, and it quickly becomes clear how complicated monitoring can get.
Copyright information
© 2020 Eric C. Thompson
About this chapter
Cite this chapter
Thompson, E.C. (2020). Continuous Monitoring. In: Designing a HIPAA-Compliant Security Operations Center. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-5608-4_5
DOI: https://doi.org/10.1007/978-1-4842-5608-4_5
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-5607-7
Online ISBN: 978-1-4842-5608-4
eBook Packages: Professional and Applied Computing; Professional and Applied Computing (R0); Apress Access Books