3 MONITORING NETWORKS AND CLOUDS

When it comes to data, if it’s going to move, there is a very strong chance it’s going to move across the network. That’s why monitoring the network is a key blue team responsibility, and one where a considerable amount of money, time and effort is expended. Most commonly, attention is focused at ingress and egress points between networks of differing security classifications, for instance, between the public internet and a private internal network. You’ll often hear this referred to as monitoring north–south traffic. Implementing this type of monitoring is usually an organisation’s first venture into the realm of network traffic monitoring for the purposes of detecting a security incident.

Organisations ...

Get Security Operations in Practice now with the O’Reilly learning platform.
