Network Monitoring and Defense
Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise's network infrastructure and user base.
Why Is This Control Critical?
We cannot rely on network defenses to be perfect. Adversaries continue to evolve and mature as they share, or sell, information within their community about exploits and bypasses for security controls. Even when security tools work "as advertised," it takes an understanding of the enterprise's risk posture to configure, tune, and log them effectively. Often, misconfigurations caused by human error or a lack of knowledge of a tool's capabilities lead to a false sense of security. Security tools can only be effective if they support a process of continuous monitoring that allows staff and automation to detect and act on events.
Related Policy Templates
Safeguards (11)
| ID | Title | Asset Type | Function | Implementation Groups |
|---|---|---|---|---|
| 13.1 | Centralize Security Event Alerting | Network | Detect | IG2, IG3 |
| 13.2 | Deploy a Host-Based Intrusion Detection Solution | Devices | Detect | IG2, IG3 |
| 13.3 | Deploy a Network Intrusion Detection Solution | Network | Detect | IG2, IG3 |
| 13.4 | Perform Traffic Filtering Between Network Segments | Network | Protect | IG2, IG3 |
| 13.5 | Manage Access Control for Remote Assets | Devices | Protect | IG2, IG3 |
| 13.6 | Collect Network Traffic Flow Logs | Network | Detect | IG2, IG3 |
| 13.7 | Deploy a Host-Based Intrusion Prevention Solution | Devices | Protect | IG3 |
| 13.8 | Deploy a Network Intrusion Prevention Solution | Network | Protect | IG3 |
| 13.9 | Deploy Port-Level Access Control | Devices | Protect | IG3 |
| 13.10 | Perform Application Layer Filtering | Network | Protect | IG3 |
| 13.11 | Tune Security Event Alerting Thresholds | Network | Detect | IG3 |