Monitoring and detection systems
Actively monitoring network traffic within an organization helps cybersecurity professionals detect whether there is a threat on their systems and which systems are compromised. For instance, the security team may notice an increase in DNS queries from an internal server that is sending packets to an unknown DNS server on the internet. Analysis of the network traffic then shows that the internal server was compromised by malware that has established a C2 channel to a C2 server on the internet and is using a common network protocol such as DNS to lower its profile and avoid detection. Without monitoring network traffic, this security incident may have gone unnoticed and the adversary would have continued to expand their attack.
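The DNS scenario above, as an added detection example that is not part of the original text: it scans constructed DNS log lines and flags any internal host that queries a resolver outside the approved set or whose query volume spikes above its baseline. The log format, the approved resolver addresses, the host addresses, the baseline counts and the domain names are all assumptions made for illustration.

```python
"""Added example: flag internal hosts whose DNS traffic bypasses the
approved resolvers or spikes above their normal rate. The log format,
hosts, resolvers and thresholds are constructed for illustration."""
from collections import Counter, defaultdict

# Resolvers the organization expects internal hosts to use (assumed).
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
# Constructed log lines: "<epoch> <src_ip> <resolver_ip> <query_name>".
SAMPLE_LOG = """\
1700000000 10.0.5.21 10.0.0.53 mail.example.internal
1700000001 10.0.5.22 10.0.0.53 intranet.example.internal
1700000002 10.0.5.21 10.0.0.53 updates.example.internal
1700000003 10.0.5.22 203.0.113.7 a8f3c1.c2-example.test
1700000004 10.0.5.22 203.0.113.7 b72e09.c2-example.test
1700000005 10.0.5.22 203.0.113.7 c14d77.c2-example.test
1700000006 10.0.5.22 203.0.113.7 d9a0b3.c2-example.test
1700000007 10.0.5.22 203.0.113.7 e55f12.c2-example.test
1700000008 10.0.5.22 203.0.113.7 f0c6e8.c2-example.test
"""

def parse_log(text):
    """Yield (src_ip, resolver_ip, qname) tuples from the constructed format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2], parts[3]

def detect_dns_anomalies(text, baseline, spike_factor=3):
    """Return {src_ip: [reasons]} for hosts that talk to an unapproved
    resolver or send at least spike_factor times their baseline query
    count. baseline maps src_ip -> expected queries per window (assumed)."""
    per_host = Counter()
    unapproved = defaultdict(set)
    for src, resolver, _qname in parse_log(text):
        per_host[src] += 1
        if resolver not in APPROVED_RESOLVERS:
            unapproved[src].add(resolver)
    findings = defaultdict(list)
    for src, count in per_host.items():
        if src in unapproved:
            findings[src].append("unapproved resolver: " + ", ".join(sorted(unapproved[src])))
        expected = baseline.get(src, 0)
        if expected and count >= spike_factor * expected:
            findings[src].append(f"query spike: {count} vs baseline {expected}")
    return dict(findings)

if __name__ == "__main__":
    # Assumed baseline: each host normally sends about 2 queries per window.
    for host, reasons in detect_dns_anomalies(SAMPLE_LOG, {"10.0.5.21": 2, "10.0.5.22": 2}).items():
        print(host, "->", "; ".join(reasons))
```

In the sample, only 10.0.5.22 is reported, for both reasons; in production the baseline would come from historical per-host counts rather than a hard-coded dictionary.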
Furthermore, cybersecurity professionals need to monitor host systems to detect potential threats at an early stage. Once a threat is found, the security team can take immediate action to contain and eradicate the threat...