Network Security Monitoring is the collection, analysis, and escalation of indications and warnings to detect and respond to network intrusions. Indications, or indicators, are outputs from Intrusion Detection Systems monitoring the endless stream of packets moving on your network. Indicators generated by IDS monitoring systems are typically called alerts.
All indicators have value, but some have greater value. An alert stating a computer on your network has initiated a connection to a computer in China is an indicator. A spike in the amount of ICMP traffic at 2 A.M. is another indicator. Generally speaking, the first indicator has more value than the second, unless the organization has never used ICMP before. Context is the ability to understand the nature of an alert with respect to all other aspects of an organization's environment.
Warnings are the results of an analyst's interpretation of indicators, taken in context. Warnings represent human judgements. The expertise required to differentiate between illegitimate and legitimate alerts in order to issue accurate warnings is beyond the capability of most institutions. CLEARNETWORK analysts scrutinize the indicators generated by monitoring systems and forward warnings to the decision makers at your facility. By outsourcing your Network Security Monitoring to CLEARNETWORK, you engage a dedicated team of analysts to your cyber-defense. Contact Us to discuss protecting your network.