A Threat Based Approach to Security Monitoring
By Brian Nolan
Modern cyber defense strategies recognize that controls focused on preventing compromise are not enough, and that incident detection and response capabilities are critical. Accepting the premise that compromise is inevitable is fundamental to ensuring your organization can detect and respond to all stages of an attack, including post-compromise activities.
These days, companies face a wide variety of threats, and the means and motives of attackers are diverse. Enterprises typically have a lot of security data but struggle to use that information efficiently to identify malicious events and activity. Too often, the business lacks a clear focus on what is most important to monitor, why, and how best to respond to specific attacks.
A practical solution to this challenge is to use a threat-based approach that reviews likely attack scenarios to develop security monitoring enhancements and establish detailed response processes for specific types of attacks.