Let’s talk about monitoring and alerting.
First – what is it? Simply put, monitoring and alerting is the ability to detect a suspicious incident and notify the appropriate team members who can decide what type and level of response is necessary.
However, your monitoring and alerting system isn’t a set-it-and-forget-it component of your overall cybersecurity posture. It’s not quick and easy, but it is essential. Without properly tuned filters and someone who knows how to digest the information and react appropriately, malicious actors can slip inside your network without your knowledge.
As Brian discusses, monitoring and alerting take time, experience, and ongoing testing to get right.
At Raxis, our penetration testing not only tests for vulnerabilities, but we also test a company’s ability to detect an attack or exploit attempt. When we test, we do so in an escalating manner that allows us to determine at what threshold detection occurs. This in turns allows our clients to see how effective (or not) their monitoring is and modify their protocols accordingly.
Want to learn more? Take a look at the next part of our Common Vulnerabilities discussion.
