Network security monitoring
Next-generation firewalls, data loss prevention, malware analysis, and intrusion prevention are the foundation of network security monitoring at the Internet edge and other network boundaries. As an integral component of defense in depth, these tools analyze all network traffic that crosses a boundary and are typically positioned at the points of greatest criticality. Each of these technologies has been covered in depth in the earlier chapters from the protection standpoint; this section discusses leveraging the same tools from a monitoring perspective.
To understand what traffic is traversing the network and what its intent is, these tools must be deployed strategically, in a way that yields the most valuable event data. This is particularly difficult because a significant volume of data is analyzed and collected, and a correspondingly large number of security events is created. For each of these technologies, an evaluation of capabilities...
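One concrete way to act on the two points above (sensor placement determines the value of an event, and raw event volume must be reduced before an analyst sees it) is to normalize events from the four monitoring sources into a common schema, weight each event by the criticality of the boundary its sensor protects, and collapse repeats. The following is an added example written for this section, not code from the original text or from any vendor product; the placement weights, severity weights, event schema and sample events are all constructed assumptions.

```python
"""Constructed example: normalize and prioritize events from the four
monitoring sources named in the text (NGFW, DLP, malware analysis, IPS)
according to where each sensor sits in the network."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed placement criticality (hypothetical values, not from the text):
# the Internet edge matters most, an internal segment boundary least.
PLACEMENT_WEIGHT: Dict[str, int] = {
    "internet-edge": 3,
    "dmz-boundary": 2,
    "internal-segment": 1,
}

# Assumed severity scale (hypothetical values).
SEVERITY_WEIGHT: Dict[str, int] = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Event:
    """One normalized security event; the fields are a constructed common schema."""
    source: str      # ngfw | dlp | malware | ips
    placement: str   # key into PLACEMENT_WEIGHT
    severity: str    # key into SEVERITY_WEIGHT
    signature: str
    src_ip: str
    dst_ip: str


def event_score(ev: Event) -> int:
    """Score = severity weight x placement weight, so the same signature
    seen at the Internet edge outranks one seen on an internal segment."""
    return SEVERITY_WEIGHT[ev.severity] * PLACEMENT_WEIGHT[ev.placement]


def dedupe(events: List[Event]) -> List[Tuple[Event, int]]:
    """Collapse identical repeated events into (event, count) pairs, in first-seen
    order. This cuts raw volume without losing the fact that something repeated."""
    counts: Dict[Event, int] = defaultdict(int)
    order: List[Event] = []
    for ev in events:
        if ev not in counts:
            order.append(ev)
        counts[ev] += 1
    return [(ev, counts[ev]) for ev in order]


def prioritize(events: List[Event], min_score: int = 2) -> List[Tuple[Event, int, int]]:
    """Return (event, repeat_count, score) sorted by score descending, dropping
    events below min_score (low-severity noise from low-criticality points)."""
    ranked: List[Tuple[Event, int, int]] = []
    for ev, n in dedupe(events):
        score = event_score(ev)
        if score >= min_score:
            ranked.append((ev, n, score))
    # Highest score first, then most repeated, then signature name for stability.
    ranked.sort(key=lambda t: (-t[2], -t[1], t[0].signature))
    return ranked


def volume_by_source(events: List[Event]) -> Dict[str, int]:
    """Raw event counts per technology, before any reduction."""
    out: Dict[str, int] = defaultdict(int)
    for ev in events:
        out[ev.source] += 1
    return dict(out)


# Constructed sample feed (not real traffic, documentation-range addresses):
# one IPS signature fires three times at the edge, a DLP hit occurs on an
# internal segment, a firewall deny is internal noise, and the malware
# analysis sensor at the DMZ boundary flags a download.
SAMPLE_EVENTS: List[Event] = [
    Event("ips", "internet-edge", "high", "exploit-attempt", "198.51.100.7", "203.0.113.10"),
    Event("ips", "internet-edge", "high", "exploit-attempt", "198.51.100.7", "203.0.113.10"),
    Event("ips", "internet-edge", "high", "exploit-attempt", "198.51.100.7", "203.0.113.10"),
    Event("ngfw", "internal-segment", "low", "policy-deny", "10.0.1.5", "10.0.2.9"),
    Event("dlp", "internal-segment", "critical", "pii-exfil-pattern", "10.0.1.5", "203.0.113.55"),
    Event("malware", "dmz-boundary", "medium", "suspicious-download", "203.0.113.10", "10.0.3.3"),
]

if __name__ == "__main__":
    print("raw volume by source:", volume_by_source(SAMPLE_EVENTS))
    for ev, n, score in prioritize(SAMPLE_EVENTS):
        print(f"score={score:2d} x{n} {ev.source:8s} {ev.placement:17s} {ev.signature}")
```

Run stand-alone, the six raw events reduce to three ranked entries: the repeated edge IPS signature first (score 9, seen 3 times), then the internal DLP hit and the DMZ malware alert (score 4 each), with the internal firewall deny filtered out as noise. The weights are deliberately simple; in practice they would come from the organization's own assessment of which boundaries carry the most critical traffic, which is exactly the evaluation the text goes on to describe.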