Chapter 7: Active Security Monitoring
In the previous chapter, we looked at ways to passively watch for security incidents and developing risk in our ICS environment. Even though passive techniques (sniffing, monitoring, event scrutinizing) are still the preferred way to detect security-related events and information, what follows is a discussion of how to use more involved methods to detect these events. If performed properly, active security monitoring techniques can be used effectively and without disrupting production, with the added benefit that active security monitoring tends to uncover more, and more detailed, security and risk-related data from our production network and connected systems.
In this chapter, we will look at the tools, ...
Get Industrial Cybersecurity - Second Edition now with the O’Reilly learning platform.