What is monitoring
The goal of monitoring is to detect, in real time, patterns or anomalies that can pose a threat to the IT of the organisation. To do so, network data is gathered and analysed in real time; based on the events found, actions are defined and executed. Often the current status of a system is visualised in some sort of diagram that is updated in real time and is easily interpreted. Monitoring agents can be present on servers, but also on (mobile) clients or endpoints.
The art of monitoring is a variant of finding the needle in a haystack: even seemingly normal network traffic can, in a certain context, be a manifestation of malicious behaviour of a system or systems. The analysis can be based on:
- the reputation of the data stream's origin or source,
- signature recognition,
- statistical analysis of network traffic patterns,
- anomaly detection based on machine learning algorithms.
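
The first three analysis bases from the list above, combined in one small detector. This is an added example, not part of the original text. The blocklist, the signature rule, the threshold and all events are constructed for illustration, with addresses taken from documentation ranges; machine-learning-based detection is not covered.

```python
import re
import statistics

# Constructed sample data; addresses come from documentation ranges (RFC 5737).
BAD_REPUTATION = {"203.0.113.66"}                           # hypothetical blocklist
SIGNATURES = {"path-traversal": re.compile(r"\.\./\.\./")}  # hypothetical rule
Z_THRESHOLD = 3.0                                           # assumed alert threshold

def analyse(event, baseline):
    """Return the list of reasons an event is suspicious (empty if none)."""
    reasons = []
    # 1. Reputation: is either endpoint of the stream on the blocklist?
    if event["src"] in BAD_REPUTATION or event["dst"] in BAD_REPUTATION:
        reasons.append("reputation")
    # 2. Signature recognition on the payload.
    for name, pattern in SIGNATURES.items():
        if pattern.search(event["payload"]):
            reasons.append("signature:" + name)
    # 3. Statistical analysis: compare volume with this host's own history.
    history = baseline.get(event["src"], [])
    if len(history) >= 5:
        mean, stdev = statistics.mean(history), statistics.stdev(history)
        if stdev > 0 and (event["bytes"] - mean) / stdev > Z_THRESHOLD:
            reasons.append("volume-anomaly")
    return reasons

def monitor(events):
    """Process events in order, updating each host's baseline as it goes."""
    baseline, alerts = {}, []
    for event in events:
        reasons = analyse(event, baseline)
        if reasons:
            alerts.append((event["id"], reasons))
        else:
            # Only clean events feed the baseline, so flagged traffic cannot shift it.
            baseline.setdefault(event["src"], []).append(event["bytes"])
    return alerts

def sample_events():
    """Constructed events: six normal ones, then three suspicious ones."""
    rows = [("198.51.100.5", b, "GET /index.html")
            for b in (1200, 1100, 1300, 1250, 1150, 1220)]
    rows += [("203.0.113.66", 1200, "GET /index.html"),        # bad reputation
             ("198.51.100.5", 1180, "GET /../../etc/passwd"),  # signature hit
             ("198.51.100.5", 90000, "GET /index.html")]       # ordinary request, huge volume
    return [{"id": i, "src": "192.0.2.10", "dst": d, "bytes": b, "payload": p}
            for i, (d, b, p) in enumerate(rows)]
```

The last event carries the same request as the normal traffic and is flagged only because its volume deviates from that host's own baseline, which is the "normal traffic in a certain context" case described above.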