Network Security Monitoring


Every organization that runs a computer network is aware of the importance of securing it against the various threats to it, most of which emanate from the Internet. In this context, the role of network security monitoring (NSM) is absolutely critical to the survival of a company's business.

In this article, we provide insight into this role: what NSM is and what it is not. We also cover various aspects related to NSM.

Computer security is critical for the survival of a business today. Threats to computer security are real. They involve stealing a company's business secrets, compromising its competitiveness by corruption of data, causing service breaks, and frightening its customers. Threats emanate from hackers, industrial spies, criminals, and viruses, not to speak of internal threats from a company's own disgruntled employees.

In this context, the role of NSM becomes all-important.

NSM is not network device management. It is not security event management. It is not network-based forensics. It is not about the vulnerabilities that exist in the computer network. It is not even intrusion prevention.

NSM is the collection, analysis, and escalation of indications and warnings to detect and respond to various intrusions that afflict a computer network.

Collection: Sensors collect various types of data related to the threats that intrude on a computer network. The types of data include alert data, statistical data, session data, and full content. Full content data has the largest storage requirement, whereas alert data has comparatively the smallest. Full content data collection is not cost effective.
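The collection data types described above, derived from the same traffic, with a storage comparison of full content, session, and alert data. This is an added example, not part of the original article; the packet records, the toy signature, and all function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample capture: (timestamp, src, sport, dst, dport, proto, payload)
PACKETS = [
    (0.00, "10.0.0.5", 49152, "192.0.2.10", 80, "tcp", b"GET /index.html HTTP/1.1\r\n" + b"X" * 400),
    (0.05, "192.0.2.10", 80, "10.0.0.5", 49152, "tcp", b"HTTP/1.1 200 OK\r\n" + b"Y" * 1400),
    (0.06, "192.0.2.10", 80, "10.0.0.5", 49152, "tcp", b"Y" * 1400),
    (1.20, "10.0.0.7", 49200, "192.0.2.10", 80, "tcp", b"GET /cmd.exe HTTP/1.1\r\n" + b"X" * 300),
    (2.00, "10.0.0.5", 53001, "198.51.100.53", 53, "udp", b"\x12\x34" + b"Q" * 40),
]
SIGNATURES = {"cmd.exe in HTTP request": b"cmd.exe"}  # toy rule, hypothetical

def session_data(packets):
    """Session data: one summary row per unidirectional 5-tuple flow."""
    flows = {}
    for ts, src, sport, dst, dport, proto, payload in packets:
        flow = flows.setdefault((src, sport, dst, dport, proto),
                                {"start": ts, "end": ts, "packets": 0, "bytes": 0})
        flow["end"] = ts
        flow["packets"] += 1
        flow["bytes"] += len(payload)
    return flows

def statistical_data(packets):
    """Statistical data: aggregate payload byte counts per protocol."""
    totals = defaultdict(int)
    for *_, proto, payload in packets:
        totals[proto] += len(payload)
    return dict(totals)

def alert_data(packets, signatures=SIGNATURES):
    """Alert data: one short record per signature match, no payload kept."""
    return [{"ts": ts, "src": src, "dst": dst, "rule": name}
            for ts, src, _, dst, _, _, payload in packets
            for name, pattern in signatures.items() if pattern in payload]

def storage_bytes(packets):
    """Approximate bytes needed to keep each per-event data type."""
    sessions = [list(k) + list(v.values()) for k, v in session_data(packets).items()]
    return {
        "full_content": sum(len(p[6]) for p in packets),  # every payload byte
        "session": len(json.dumps(sessions)),
        "alert": len(json.dumps(alert_data(packets))),
    }

if __name__ == "__main__":
    print(storage_bytes(PACKETS), statistical_data(PACKETS))
```

On this sample, full content needs thousands of bytes, session data a few hundred, and the single alert under a hundred.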

Indications: Firewalls provide indications in the form of intelligent alerts. Other indications may be provided by anti-virus software.

Analysis: The human element's role in the analysis of security threats is very important. The human element can do what no software can do. It can intelligently sift through various threats and filter out false positives from them. Intrusion detection (ID) software only provides an indication of what seems suspicious. In this analysis, context is the most important element.

Detection: Software used for this purpose provides only generic information. The important aspect of detection is correct interpretation. In this too, the human element is critical. It takes security experts to correctly interpret what the intrusion detection software only indicates.

Response: How to respond to a security threat is the Holy Grail. It is the be-all and end-all. With an error at this stage, the security of a company's computer network could be irreparably compromised. The human element is absolutely vital in this.

Network security monitoring provides immediate real-time feedback about the efficacy of a computer network's security. Such monitoring must adapt in the face of new attacks, new threats, software updates, and reconfigurations.