Common Continuous Monitoring (CM) Challenges

Continuous monitoring (CM) is a crucial step for organizations to detect and mitigate the security events that may result in breaches. It offers detailed, up-to-date compliance and network status insights in the shape of real-time reporting that can be used to identify inconsistencies in internal controls, information security violations or unexpected changes in how systems are being operated. In an ideal world, organizations could simply deploy a CM solution, log the machine-generated data for analysis and wait for the red flags of cyber-intrusions to show up.

In the real world, however, implementing a CM solution can be a complex process, especially at organizations that have multiple networks and systems running across several geographically distributed sites. That’s because large and complex IT environments need CM to not just say what happened (as an organization can discover by analyzing log files), but also offer visibility into the context of what happened. This means there are some challenges connected to implementing a CM solution.


Here’s a look at some of those common challenges faced by such organizations and the measures they can take to overcome them.

Keeping Tabs on Endpoint Activity

Endpoints have always been challenging to track, even before CM solutions existed, by their very nature. Internal and external stakeholders can introduce a new endpoint whenever they want, for example by connecting to a neighboring company’s network. Moreover, endpoints aren’t limited to desktop PCs; they can include Wi-Fi devices, printers, smartphones and even wearables like Google Glass. Unless an organization’s CM solution can track newly created and existing endpoints at all times, assets can easily be overlooked.

To overcome this challenge, organizations need to take a hybrid approach to continuous monitoring. Pairing passive, real-time monitoring with an always-on active scanner provides both visibility into vulnerable endpoints and detection of newly created assets.
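As an added illustration of the hybrid approach (example code, not from the original post or any CM product), the snippet below reconciles constructed passive sightings and active scan results against an asset inventory: it flags endpoints that nobody inventoried, endpoints that talk on the network but the scanner never reached, and endpoints the scanner sees but that never generate traffic. All IPs, MACs and ports are made up for the example.

```python
# Constructed asset inventory: IP -> hostname the organization believes it owns.
KNOWN_ASSETS = {
    "10.0.1.10": "fileserver01",
    "10.0.1.20": "printer-2f",
    "10.0.1.30": "wkstn-ab12",
}

# Constructed passive sightings (IP, MAC), as a flow collector or ARP listener
# would report hosts it has seen communicating.
PASSIVE_SIGHTINGS = [
    ("10.0.1.10", "00:11:22:33:44:01"),
    ("10.0.1.30", "00:11:22:33:44:03"),
    ("10.0.1.77", "aa:bb:cc:dd:ee:77"),  # talks on the network, never inventoried
    ("10.0.1.88", "aa:bb:cc:dd:ee:88"),  # talks on the network, scanner never reached it
]

# Constructed results from the always-on active scanner: IP -> open TCP ports.
ACTIVE_SCAN = {
    "10.0.1.10": [22, 445],
    "10.0.1.20": [9100],
    "10.0.1.30": [3389],
    "10.0.1.77": [22, 80],
}


def reconcile(known, passive, active):
    """Combine passive sightings and active scan results against the inventory.

    Returns a dict of sorted IP lists:
      new_endpoints - observed by either source but absent from the inventory
      passive_only  - seen in traffic but not reached by the scanner (blind spot)
      active_only   - reachable by the scanner but never seen in traffic (quiet host)
    """
    passive_ips = {ip for ip, _mac in passive}
    active_ips = set(active)
    observed = passive_ips | active_ips
    return {
        "new_endpoints": sorted(observed - set(known)),
        "passive_only": sorted(passive_ips - active_ips),
        "active_only": sorted(active_ips - passive_ips),
    }


if __name__ == "__main__":
    for category, ips in reconcile(KNOWN_ASSETS, PASSIVE_SIGHTINGS, ACTIVE_SCAN).items():
        print(f"{category}: {ips}")
```

Each list is a review queue rather than an alert: the passive-only hosts are where the scanner has no coverage, and the new endpoints are the candidates for enrolment in the inventory.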

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito. Read the original post at: