Sub-Requirement 11.4

11.4 Use network intrusion detection systems, host-based intrusion detection systems, and intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines up to date.

Illustrative Controls and the TIBCO LogLogic Solution

To satisfy this requirement, administrators must regularly review IDS logs to ensure that the IDS tools are properly updated and appropriately deployed. Review all remote access to the IT infrastructure via VPN or through firewalls. Use behavioral-based alerts to detect anomalies such as excessive IDS attacks or excessive firewall traffic.

Reports and Alerts

To see the reports and alerts for 11.4, use the following reference: 11.4 on page 144.