Continuous Monitoring has become an overused and overhyped term in security circles, driven by US Government mandate (now called Continuous Diagnostics and Mitigation). But that doesn’t change the fact that monitoring needs to be a cornerstone of your security program, within the context of a risk-based paradigm. So your pals at Securosis did their best to document how you should think about Continuous Security Monitoring and how to get there.
Given that you can’t prevent all attacks, you need to ensure you detect attacks as quickly as possible. The concept of continuous monitoring has been gaining momentum, driven by both compliance mandates (notably PCI-DSS) and the US Federal Government’s guidance on Continuous Diagnostics and Mitigation, as a means to move beyond periodic assessment. This makes sense given the speed that attacks can proliferate within your environment. In this paper, Securosis will help you assemble a toolkit (including both technology and process) to implement our definition of Continuous Security Monitoring (CSM) to monitor your information assets to meet a variety of needs in your organization.
We discuss what CSM is, how to do it, and the most applicable use cases we have seen in the real world. We end with a step-by-step list of things to do for each use case to make sure your heads don’t explode trying to move forward with a monitoring initiative.
We don’t expect you to rebalance security spending between protection and detection overnight, but by systematically moving forward with security monitoring and implementing additional use cases over time, you can balance the scales and give yourself a fighting chance to figure out you have been owned – before it’s too late.
Originally posted on the Securosis site.