SI-4 Intrusion Detection Tools and Techniques

Control: Employ tools and techniques to monitor events on the system, detect attacks, and provide identification of unauthorized use of the system.

Illustrative Controls and TIBCO LogLogic Solution

Vulnerabilities are continually discovered by attackers and researchers, and new ones are introduced with every software change. Systems, processes, and custom software must therefore be tested frequently to ensure security is maintained over time and through changes. Use network intrusion detection systems (NIDS), host-based intrusion detection systems (HIDS), and intrusion prevention systems (IPS) to monitor all network traffic and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines, and the signature sets they rely on, up to date. Ensure that security techniques such as intrusion detection, together with the related management procedures, are used to authorize access and to control information flows to and from networks.

To satisfy this requirement, administrators must periodically review IDS logs to confirm that the IDS tools are fully utilized and that their alerts are acted on. Administrators must also review all remote access to the IT infrastructure, whether through VPN or through the firewalls. Use behavior-based alerts to detect anomalies, such as an unusual pattern of IDS alerts or firewall traffic that departs from the established baseline.
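The behavior-based review described above, as an added example that is not part of the original page and not TIBCO LogLogic code: it builds a per-source daily baseline from IDS alerts and a set of known (user, source address) pairs from successful VPN logins, then flags any current-day source whose alert count exceeds the mean plus three standard deviations of its own baseline, and any successful VPN login from a pair never seen before. The key=value log format, the field names, and every sample line are constructed for the example; the three-sigma threshold and the floor of one standard deviation are assumptions a real deployment would tune.

```python
"""Behavioral baseline checks over IDS alerts and VPN remote-access events.

Added example, not TIBCO LogLogic code. The line format is a hypothetical
key=value syslog-style format chosen for the example; the sample lines are
constructed, not captured from a real system.
"""
import re
import statistics
from collections import Counter

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>ids|vpn) (?P<fields>.*)$")


def parse(line):
    """Return (day, kind, {field: value}) or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split())
    return m.group("ts")[:10], m.group("kind"), fields


def parse_all(lines):
    """Parse every line, silently dropping lines in an unknown format."""
    return [rec for rec in map(parse, lines) if rec]


def ids_profile(records):
    """Per-source list of daily alert counts, one entry per day seen in the records
    (zero on days the source was quiet)."""
    days = sorted({day for day, kind, _ in records if kind == "ids"})
    per_src_day = Counter((f["src"], day) for day, kind, f in records if kind == "ids")
    srcs = {src for src, _ in per_src_day}
    return {src: [per_src_day[(src, d)] for d in days] for src in srcs}


def anomalous_ids_sources(baseline, current, sigmas=3.0):
    """Flag sources whose current-day alert count exceeds mean + sigmas*stdev of
    their baseline daily counts. A source unseen in the baseline gets a mean of 0,
    and the deviation is floored at 1 so a perfectly flat history still yields a
    usable threshold (both are assumptions of this example)."""
    hist = ids_profile(baseline)
    today = Counter(f["src"] for _, kind, f in current if kind == "ids")
    flagged = {}
    for src, count in today.items():
        series = hist.get(src, [0])
        mean = statistics.fmean(series)
        dev = max(statistics.pstdev(series), 1.0)
        threshold = mean + sigmas * dev
        if count > threshold:
            flagged[src] = (count, round(threshold, 2))
    return flagged


def new_vpn_origins(baseline, current):
    """Flag successful VPN logins from a (user, source) pair absent from the baseline."""
    seen = {(f["user"], f["src"]) for _, kind, f in baseline
            if kind == "vpn" and f.get("result") == "success"}
    return sorted({(f["user"], f["src"]) for _, kind, f in current
                   if kind == "vpn" and f.get("result") == "success"
                   and (f["user"], f["src"]) not in seen})


# Constructed sample data: three baseline days, then the day under review.
BASELINE_LINES = (
    [f"2024-03-0{d}T10:0{i}:00 ids src=10.0.0.5 dst=192.0.2.10 msg=PORTSCAN"
     for d in (1, 2, 3) for i in range(2)]                      # steady 2/day
    + [f"2024-03-0{d}T11:0{i}:00 ids src=10.0.0.9 dst=192.0.2.11 msg=SSH_BRUTE"
       for d, n in ((1, 1), (2, 3), (3, 2)) for i in range(n)]  # 1, 3, 2 per day
    + [f"2024-03-0{d}T08:00:00 vpn user=alice src=198.51.100.7 result=success" for d in (1, 2, 3)]
    + [f"2024-03-0{d}T08:30:00 vpn user=bob src=203.0.113.20 result=success" for d in (1, 2, 3)]
)
CURRENT_LINES = (
    [f"2024-03-04T10:{i:02d}:00 ids src=10.0.0.5 dst=192.0.2.10 msg=PORTSCAN" for i in range(9)]
    + [f"2024-03-04T11:0{i}:00 ids src=10.0.0.9 dst=192.0.2.11 msg=SSH_BRUTE" for i in range(2)]
    + ["2024-03-04T08:00:00 vpn user=alice src=198.51.100.7 result=success",
       "2024-03-04T08:30:00 vpn user=bob src=203.0.113.20 result=success",
       "2024-03-04T02:15:00 vpn user=alice src=192.0.2.99 result=success",
       "2024-03-04T02:20:00 vpn user=alice src=192.0.2.99 result=failure",
       "garbage line that does not parse"]
)


def run():
    """Apply both behavioral checks to the constructed data."""
    baseline, current = parse_all(BASELINE_LINES), parse_all(CURRENT_LINES)
    return anomalous_ids_sources(baseline, current), new_vpn_origins(baseline, current)


if __name__ == "__main__":
    ids_hits, vpn_hits = run()
    for src, (count, threshold) in ids_hits.items():
        print(f"IDS: {src} raised {count} alerts today, baseline threshold {threshold}")
    for user, src in vpn_hits:
        print(f"VPN: {user} logged in from previously unseen address {src}")
```

On the constructed data only 10.0.0.5 trips the IDS check (nine alerts against a threshold of five), while 10.0.0.9 stays within its baseline, and the only VPN finding is alice's successful login from an address she has never used before; the failed attempt from that address is deliberately excluded from the origin check and would belong to a separate failed-login count.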

Reports and Alerts

Use the following reference to see the SI-4 reports and alerts: SI-4.