13

Network Monitoring and Defense

Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise's network infrastructure and user base.

Why Is This Control Critical?

We cannot rely on network defenses to be perfect. Adversaries continue to evolve and mature as they share, or sell, information within their community on exploits and bypasses of security controls. Even if security tools work 'as advertised,' it takes an understanding of the enterprise risk posture to configure, tune, and log them effectively. Often, misconfigurations due to human error or lack of knowledge of tool capabilities lead to a false sense of security. Security tools can only be effective if they support a process of continuous monitoring that allows staff and automation to detect and act on events.

Safeguards (11)