Attack monitoring and detection as suggested by Microsoft

This is a good piece from Microsoft where they describe the value of security monitoring. From the article:

The primary goal of a security monitoring and attack detection system is to help identify suspicious events on a network that may indicate malicious activity or procedural errors.

Microsoft apparently understands the importance of actually looking for indications of attacks, instead of living in the belief that systems are impenetrable and that security products will offer protection. Their suggestions regarding the actual process and routine are also accurate:

A security monitoring solution is actually a continual process of planning, implementing, managing, and testing, because that is the very nature of security monitoring. Because the threats to business networks are always changing, the system that monitors the security in a business network must also change.

This process is suggested as a part of their Microsoft Operations Framework (MOF), which also features other operational routines.

I like that Microsoft is putting some effort into defining the operational requirements for managing their systems and environments. The lack of this kind of security operations is what makes companies fail, not that they don’t have enough security products. The article also features some good hints on analysing Windows Event Logs.

One Response to “Attack monitoring and detection as suggested by Microsoft”

  1. Windows Vista News
    13. November 2007 at 00:45

    Attack monitoring and detection as suggested by Microsoft

    Interesting: gsandahl.net
