Network Monitoring for Intrusion Detection

by Karen Kent Frederick
Sept. 23, 2017 1 comment Symantec Detection & Response network security

In the world of intrusion detection, we tend to focus on detecting attacks and clearly anomalous activity. However, another important component of a complete intrusion detection solution is basic network monitoring and traffic analysis. Network monitoring collects information on connections, while traffic analysis allows us to see what services are being used on a network and to compare that against the activity that we should be seeing. This allows us to identify unauthorized services being used within a network, as well as gaps in network perimeter defenses. By combining basic network monitoring and traffic analysis with other intrusion detection methods, you can establish better overall security. In this article, I will present an introduction to network monitoring and traffic analysis.
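The comparison described above, observed services checked against the activity that should be seen, can be sketched as follows. This is an added example, not code from the original article; the internal address range, the baseline, the external-exposure policy and the connection records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Assumed baseline: services that should be seen, as (server, proto, port).
EXPECTED = {
    ("10.0.1.10", "tcp", 443),
    ("10.0.1.10", "tcp", 80),
    ("10.0.1.25", "tcp", 25),
    ("10.0.1.53", "udp", 53),
}
# Assumed policy: expected services that may be reached from outside.
EXTERNALLY_REACHABLE = {("10.0.1.10", "tcp", 443), ("10.0.1.25", "tcp", 25)}

# Constructed connection records: "src dst proto dport"
SAMPLE = """\
10.0.2.14 10.0.1.10 tcp 443
203.0.113.7 10.0.1.10 tcp 443
10.0.2.14 10.0.1.53 udp 53
10.0.2.30 10.0.2.99 tcp 21
10.0.2.31 10.0.2.99 tcp 21
198.51.100.4 10.0.1.10 tcp 80
198.51.100.4 10.0.1.53 udp 53
"""

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def analyze(log_text):
    """Return (unauthorized services with counts, perimeter gaps)."""
    unauthorized, gaps = Counter(), set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        src, dst, proto, dport = fields
        if not is_internal(dst):
            continue  # only services hosted inside the network
        service = (dst, proto, int(dport))
        if service not in EXPECTED:
            unauthorized[service] += 1  # service outside the baseline
        elif not is_internal(src) and service not in EXTERNALLY_REACHABLE:
            gaps.add((src, service))  # internal-only service reached from outside
    return unauthorized, gaps

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

In the sample, the FTP listener on 10.0.2.99 is reported as an unauthorized service, and the external connections to the internal-only web and DNS services are reported as perimeter gaps.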

2flash 4 months, 1 week ago

A great introductory presentation on network monitoring. Really useful security doc!