Section 23.223 Data from Security Tools Flashcards
Objective 4.4 Explain security alerting and monitoring concepts and tools
Data from Security Tools
Antivirus Software
Protects systems against malware, including the following…
● Viruses
● Worms
● Trojans
● Ransomware
● Spyware
■ Generates data like malware detection logs, system scans, and updates
■ Data sent to SIEM for aggregation and correlation
■ Helps identify security threats and system health
Data Loss Prevention (DLP) Systems
Monitor and control data endpoints, network traffic, and cloud-stored data to prevent data breaches
■ Generate data on potential data leak incidents, policy violations, and suspicious user activities
■ Flag attempts to send sensitive data outside the organisation
■ Data sent to SIEM for timely corrective actions
Network Intrusion Detection Systems (NIDS)
Passively identify potential threats and generate alerts
Network Intrusion Prevention Systems (NIPS)
Actively block or prevent threats from accessing the network
Data from NIDS and NIPS
Data includes the following…
● Detected threats
● Blocked traffic
● Network anomalies
■ Sent to SIEM for identifying malicious activity, security vulnerabilities, and effectiveness of intrusion prevention measures
Firewalls
Act as a barrier between trusted internal networks and untrusted external networks
■ Filter incoming and outgoing traffic based on security rules (ACLs)
■ Generate logs with data on allowed and blocked traffic, rule changes, and potential threats:
● Sent to SIEM for monitoring network perimeter security and identifying intrusion attempts
Vulnerability Scanners
Identify security weaknesses, including missing patches, incorrect configurations, and known vulnerabilities
■ Generate data on identified vulnerabilities, severity, and remediation recommendations
■ Data integrated into SIEM to prioritise vulnerability remediation:
● Used to track remediation progress and verify the effectiveness of steps taken