Proactive Security Monitoring
A sound security program must include both reactive security monitoring (including log management and SIEM) and proactive security monitoring. Proactive security monitoring identifies potential weak links in your security posture before they are exploited. These weak links can be OS, system, and application vulnerabilities, misconfigurations, weak or lax security policies, the lack of a comprehensive security program, unpatched systems, out-of-date security technologies, and more.
Proactive security monitoring allows IT teams to identify and reduce potential areas of risk and take mitigation steps before a security incident occurs. The idea is to avoid potential problems by removing or reducing the attack surface that an attacker could exploit. A few key activities include:
- Scanning for software vulnerabilities that should be patched
- Ensuring that critical network components are properly logging events
- Checking for unnecessary services running on a server
- Blocking ports and protocols that do not have a business reason to be open
- Identifying unknown devices connected to the network
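
As an added illustration (not part of the original page), the sketch below shows how the checks for unnecessary services, unjustified open ports, and unknown devices can be run as a comparison against a documented baseline. The sample `ss` and `ip neigh` output, the approved-port list, and the MAC inventory are all constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of `ss -H -tlnp` (not from a real host).
SS_OUTPUT = """\
LISTEN 0 128  0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511  0.0.0.0:443     0.0.0.0:* users:(("nginx",pid=1040,fd=6))
LISTEN 0 5    0.0.0.0:23      0.0.0.0:* users:(("telnetd",pid=2211,fd=4))
LISTEN 0 4096 127.0.0.1:6379  0.0.0.0:* users:(("redis-server",pid=930,fd=6))
LISTEN 0 128  [::]:22         [::]:*    users:(("sshd",pid=812,fd=4))
"""

# Constructed sample in the format of `ip neigh show`.
NEIGH_OUTPUT = """\
10.0.0.1 dev eth0 lladdr 02:00:00:aa:00:01 REACHABLE
10.0.0.23 dev eth0 lladdr 02:00:00:aa:00:17 STALE
10.0.0.77 dev eth0 lladdr 02:00:00:ff:12:34 REACHABLE
10.0.0.90 dev eth0 FAILED
"""

# Hypothetical baseline: port -> documented business reason.
APPROVED_PORTS = {22: "admin SSH", 443: "public HTTPS"}
# Hypothetical asset inventory of known MAC addresses.
KNOWN_MACS = {"02:00:00:aa:00:01", "02:00:00:aa:00:17"}

def unapproved_listeners(ss_text, approved):
    """Return sorted (port, address, process) for listeners not in the baseline."""
    findings = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # rpartition keeps "[::]" intact
        if not port.isdigit():
            continue
        proc = re.search(r'\(\("([^"]+)"', line)
        if int(port) not in approved:
            findings.add((int(port), addr, proc.group(1) if proc else "unknown"))
    return sorted(findings)

def unknown_devices(neigh_text, known_macs):
    """Return sorted (ip, mac) for neighbours whose MAC is not in the inventory."""
    found = re.findall(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})", neigh_text, re.M)
    return sorted((ip, mac.lower()) for ip, mac in found if mac.lower() not in known_macs)

if __name__ == "__main__":
    for port, addr, proc in unapproved_listeners(SS_OUTPUT, APPROVED_PORTS):
        print(f"no business reason on file: {addr}:{port} ({proc})")
    for ip, mac in unknown_devices(NEIGH_OUTPUT, KNOWN_MACS):
        print(f"device not in inventory: {ip} {mac}")
```

Each finding is a candidate for either a baseline entry with a recorded business reason or a remediation ticket (disable the service, close the port, investigate the device).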