Secure Connection
your partner in security



Monitoring


What is monitoring

The goal of monitoring is to detect, in real time, patterns or anomalies that can pose a threat to the organisation's IT. To do so, network data is gathered and analysed in real time; based on the events found, actions are defined and executed. Often the current status of a system is visualised in some kind of diagram that is updated in real time and is easy to interpret. Monitoring agents can be present on servers, but also on (mobile) clients or endpoints.




Detection of malicious patterns

The art of monitoring is a variant on finding the needle in a haystack: even seemingly normal network traffic can, in a certain context, be a manifestation of malicious behaviour of one or more systems. The analysis can be based on:
  • the reputation of the origin or source of a data stream,
  • signature recognition,
  • statistical analysis of network traffic patterns,
  • anomaly detection based on machine learning algorithms.

The goal of every monitoring effort is to find malicious activity without false positives or false negatives, which in practice is never 100% achievable.
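As an added illustration (not code from this page or from Secure Connection's product), the Python below runs the first three approaches from the list above over a handful of constructed enhanced-flow records: a reputation lookup on source and destination, signature matching on a short payload sample, and a statistical outlier test on per-host byte volume. The record layout, the reputation list, the signatures and the sample traffic are all assumptions; the machine-learning anomaly detection from the last bullet is not shown. The threshold parameter k of the statistical check makes the trade-off from the previous sentence concrete: lowering it catches smaller deviations at the price of more false positives.

```python
"""Added example: three detection approaches run over constructed flow records.
Not code from the original page; record format, lists and traffic are assumed."""
import re
import statistics
from dataclasses import dataclass


@dataclass
class Flow:
    """One flow record. 'payload' is a short payload sample such as a
    DPI-capable exporter might attach (assumption); plain flow data has none."""
    src: str
    dst: str
    dport: int
    octets: int
    payload: bytes = b""


# Constructed reputation list; a real deployment would pull a threat feed.
BAD_ADDRESSES = {"203.0.113.7"}

# Constructed signatures over the payload sample: (name, pattern).
SIGNATURES = [
    ("http-path-traversal", re.compile(rb"\.\./\.\./")),
    ("telnet-botnet-login", re.compile(rb"enable\r?\nsystem\r?\nshell")),
]

# Constructed sample traffic: ordinary web flows, one request carrying a
# traversal payload, one inbound SSH attempt from a listed address, and one
# internal host sending 48 MB outbound that looks like exfiltration.
FLOWS = [
    Flow("10.0.0.11", "198.51.100.20", 443, 2100),
    Flow("10.0.0.12", "198.51.100.20", 443, 1800),
    Flow("10.0.0.13", "198.51.100.21", 443, 2400),
    Flow("10.0.0.14", "198.51.100.22", 80, 1500, b"GET /index.html HTTP/1.1"),
    Flow("10.0.0.15", "198.51.100.22", 80, 1700, b"GET /../../etc/passwd HTTP/1.1"),
    Flow("203.0.113.7", "10.0.0.5", 22, 900),
    Flow("10.0.0.16", "198.51.100.30", 443, 48_000_000),
    Flow("10.0.0.16", "198.51.100.30", 443, 2200),
]


def reputation_hits(flows):
    """Flows whose source or destination is on the reputation list."""
    return [f for f in flows if f.src in BAD_ADDRESSES or f.dst in BAD_ADDRESSES]


def signature_hits(flows):
    """(signature name, source) for every payload sample that matches a signature."""
    return [(name, f.src) for f in flows
            for name, pat in SIGNATURES if pat.search(f.payload)]


def statistical_outliers(flows, k=5.0):
    """Sources whose total byte count deviates from the median over all sources
    by more than k median absolute deviations (MAD). MAD is used instead of the
    standard deviation so that one huge transfer does not inflate the baseline
    and hide itself; k sets the false-positive/false-negative trade-off."""
    totals = {}
    for f in flows:
        totals[f.src] = totals.get(f.src, 0) + f.octets
    median = statistics.median(totals.values())
    mad = statistics.median(abs(v - median) for v in totals.values())
    limit = k * mad if mad > 0 else 0  # MAD of 0: any deviation is unusual
    return sorted(src for src, v in totals.items() if abs(v - median) > limit)


def detect(flows, k=5.0):
    """Run all three detectors and return (method, source, detail) alerts."""
    alerts = [("reputation", f.src, f"{f.src} -> {f.dst}:{f.dport}")
              for f in reputation_hits(flows)]
    alerts += [("signature", src, name) for name, src in signature_hits(flows)]
    alerts += [("statistical", src, "byte volume outlier")
               for src in statistical_outliers(flows, k)]
    return alerts


if __name__ == "__main__":
    for method, src, detail in detect(FLOWS):
        print(f"{method:12} {src:15} {detail}")
```

On the constructed sample this yields exactly three alerts: the listed address on the SSH flow, the traversal signature on 10.0.0.15, and 10.0.0.16 as a volume outlier; the ordinary web hosts trigger nothing. Note that the signature check only works because these records carry a payload sample, which is the practical reason full packet or enhanced flow data matters for some detections.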

An important question is what kind of data is monitored and for how long the acquired data is retained. The latter depends heavily on the volume of the stored data: full packet capture versus some form of (enhanced) flow data. This can be of the utmost importance in the case of forensic analysis: flow records show who talked to whom and how much, whereas only full packet data allows the content of a session to be reconstructed afterwards.