Monitoring is a major part of enterprise security, with more and more sophisticated tools being developed to detect potential attacks. However, as technology advances, so does hacker skill, and modern companies need to make sure they are moving with the times. This calls for smarter monitoring, or in other words, knowing exactly what to monitor and how, so as to make sure the network system is not compromised.
Here are some tips for companies to boost their enterprise security:
- Logging events on all machines: The traditional oversight in security is the conscientious monitoring of the servers, while the workstations get a lower priority. Over time, this has resulted in attackers using the workstations to gain access to the network. To prevent this possibility, make sure logging is enabled on all the machines, and not just the servers.
- Highly critical events: It’s a good idea to set up event logging based on the criticality of events. This can be done on the basis of event IDs generated by the operating system, and can be filtered automatically. This will highlight any malicious events like backup of data protection master key, change in system audit policy, etc.
- Lower criticality events: The admins must also log and monitor events that are lower in criticality but may be used as a platform by attackers. This includes events like modification of trusted domain policy, change in user groups, the firewall failing to start, etc.
Event monitoring is not foolproof, to be sure, but remains one of the best additions to the security arsenal of an admin. Staying alert for suspicious events is a great step forward in enhancing network security.
image source : http://www.flickr.com/photos/markusram
