This section describes several of the sensor input sources that may be required. However, the system is highly configurable, so these sources and policies can change at each installation site.

2.2.1 Cyber Security Event Information

Event information typically available within the cybersecurity system continues to play a key role in detecting anomalous system activities.

Monitoring

The cybersecurity system monitors devices using an agent installed on each device it is protecting. The agent can monitor files, running processes, events, and network communications, and it can take action locally, such as restarting a stopped process or preventing unknown processes from starting.

Bill of Health

The system can centrally store a fingerprint (cryptographic signature) of each monitored item to identify unauthorized changes. These fingerprints are included in an overall "Bill of Health" measure of the expected configuration of each device. This adds some overhead to making approved changes, since the operator must compute and store the new approved signature before the change is made. However, a configuration change that has no corresponding approval record is a reasonable trigger to take action.

Network Alarms

The central security services can receive network alarms through SNMP or other means. The auto-response policies can use this information to correlate events and determine the likelihood of attacks or suspicious activity.
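The Bill of Health workflow above (store a fingerprint per monitored item, accept only changes whose new fingerprint the operator has recorded in advance, treat everything else as a trigger) can be illustrated with a small baseline checker. The following is an added example, not code from the system described in this section; the file names, the baseline dictionary format and the verdict labels are assumptions made for illustration, and the fingerprint is a plain SHA-256 digest of file contents.

```python
# Added example of a "Bill of Health" baseline check. Not the described
# system's own code: file names, baseline format and verdict labels are
# assumptions for illustration.
import hashlib
import os
import tempfile


def fingerprint(path: str) -> str:
    """SHA-256 of the file contents (the stored 'cryptographic signature').

    Content is hashed, not metadata, so a touch/chmod alone does not alert
    and an edit that preserves size and mtime does.
    """
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_bill_of_health(paths):
    """Operator-approved baseline: monitored item -> expected fingerprint."""
    return {p: fingerprint(p) for p in paths}


def check_bill_of_health(baseline, approved_changes=None):
    """Compare the device's current state against the stored baseline.

    approved_changes maps item -> the new fingerprint the operator computed
    and stored before making the change. Any other deviation is reported as
    'unauthorized_change'. Verdicts: ok, approved_change,
    unauthorized_change, missing.
    """
    approved_changes = approved_changes or {}
    verdicts = {}
    for item, expected in baseline.items():
        if not os.path.exists(item):
            verdicts[item] = "missing"
            continue
        current = fingerprint(item)
        if current == expected:
            verdicts[item] = "ok"
        elif approved_changes.get(item) == current:
            verdicts[item] = "approved_change"
        else:
            verdicts[item] = "unauthorized_change"
    return verdicts


def items_requiring_action(verdicts):
    """Deviations with no approval record: the trigger the section describes."""
    return sorted(i for i, v in verdicts.items()
                  if v in ("unauthorized_change", "missing"))


def apply_approved_changes(baseline, verdicts, approved_changes):
    """Fold approved changes into the baseline so they stop being deviations."""
    updated = dict(baseline)
    for item, verdict in verdicts.items():
        if verdict == "approved_change":
            updated[item] = approved_changes[item]
    return updated


def demo():
    """Constructed scenario: two monitored config files, one approved edit,
    one unapproved edit. Paths and contents are made up for the example."""
    d = tempfile.mkdtemp()
    relay = os.path.join(d, "relay.conf")
    hmi = os.path.join(d, "hmi.conf")
    for p in (relay, hmi):
        with open(p, "w") as f:
            f.write("setpoint=100\n")
    baseline = build_bill_of_health([relay, hmi])

    # Operator plans a change to relay.conf: compute and store the new
    # fingerprint first, then make the change.
    with open(relay, "w") as f:
        f.write("setpoint=120\n")
    approved = {relay: fingerprint(relay)}

    # hmi.conf is modified with no approval record.
    with open(hmi, "w") as f:
        f.write("setpoint=999\n")

    verdicts = check_bill_of_health(baseline, approved)
    new_baseline = apply_approved_changes(baseline, verdicts, approved)
    return verdicts, new_baseline, relay, hmi


if __name__ == "__main__":
    v, _, _, _ = demo()
    print(v, items_requiring_action(v))
```

The check only has value if the baseline and the approval records live on the central service, as the section says, rather than on the monitored device: an attacker who can rewrite a file and the fingerprint stored beside it defeats a purely local comparison.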