Systems monitoring

An important aspect of security monitoring is the monitoring of enterprise systems. Systems are the foundational component of the enterprise network, where data is stored, processed, and interacted with through applications. There are multiple methods to monitor systems, but this section focuses on security monitoring of the operating system and critical application files. This is typically accomplished through a combination of standard security tools such as anti-virus, host-based intrusion detection, host firewall, and file integrity monitoring (FIM), together with monitoring of operating system event logs.

In some cases, a honeypot-type technology is used to learn behaviors of network users and detect attacks against critical systems. Newer open ...

Get Enterprise Security: A Data-Centric Approach to Securing the Enterprise now with the O’Reilly learning platform.
