CISSP Official Study Guide, Eighth Edition (Mike Chapple, James Michael Stewart, Darril Gibson; Sybex, 2018), from the section "Implementing Detective and Preventive Measures"
SIEM Systems
Many IDSs and IPSs send the data they collect to a security information and event management (SIEM) system. A SIEM system also collects data from many other sources within the network, such as firewalls, servers, and authentication services. It provides real-time monitoring of traffic, analysis, and notification of potential attacks. Additionally, it provides long-term storage of the data, allowing security professionals to analyze it after the fact, for example during an incident investigation.
A SIEM typically includes several features. Because it collects data from dissimilar devices, it includes aggregation and correlation features: aggregation normalizes the different log formats into a common schema, and correlation links related events from different sources so that the raw data becomes useful information. Advanced analytic tools within the SIEM can analyze the data and raise alerts and/or trigger responses based on preconfigured rules. These alerts and triggers are typically separate from alerts sent by IDSs and IPSs, but some overlap is likely to occur.
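To make the aggregation and correlation step concrete, here is an added example in Python; it is not code from the study guide. It normalizes three constructed log formats (an sshd auth log, an iptables-style firewall log with an assumed `FW-DROP` log prefix, and a Snort-style fast alert) into one schema, groups the events by source address, and applies one preconfigured correlation rule. The year, hostnames, addresses, signature ID, and the rule's threshold and window are all assumptions chosen for the sample.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample input: three log formats feeding one SIEM. Addresses are
# documentation ranges; the FW-DROP prefix is an assumed iptables --log-prefix.
RAW_EVENTS = [
    ("auth", "Apr  8 10:00:01 web01 sshd[2131]: Failed password for root from 203.0.113.7 port 51122 ssh2"),
    ("auth", "Apr  8 10:00:04 web01 sshd[2131]: Failed password for root from 203.0.113.7 port 51130 ssh2"),
    ("auth", "Apr  8 10:00:07 web01 sshd[2131]: Failed password for root from 203.0.113.7 port 51141 ssh2"),
    ("fw",   "Apr  8 10:00:09 fw01 kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=51145 DPT=22"),
    ("ids",  "04/08-10:00:12.000000  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Priority: 2] {TCP} 203.0.113.7:51150 -> 10.0.0.5:22"),
    ("auth", "Apr  8 10:00:20 web01 sshd[2140]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2"),
]

YEAR = 2023  # syslog and Snort fast alerts carry no year; assumed for the sample

AUTH_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<outcome>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<src>[\d.]+)")
FW_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: FW-(?P<action>\w+):"
                   r".*SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+).*DPT=(?P<dport>\d+)")
IDS_RE = re.compile(r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.+?) \[\*\*\]"
                    r".*\{(?P<proto>\w+)\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")


def normalise(source, line):
    """Aggregation step: map one raw line from any source onto a common schema.
    Returns None for lines the parser does not understand (a real SIEM would
    count these, because silently dropped events are a detection blind spot)."""
    if source == "auth" and (m := AUTH_RE.match(line)):
        return {"ts": datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
                "source": "auth", "sensor": m["host"], "src_ip": m["src"],
                "category": "auth_failure" if m["outcome"] == "Failed" else "auth_success",
                "detail": f"{m['outcome']} login for {m['user']}"}
    if source == "fw" and (m := FW_RE.match(line)):
        return {"ts": datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
                "source": "fw", "sensor": m["host"], "src_ip": m["src"],
                "category": f"fw_{m['action'].lower()}",
                "detail": f"{m['dst']}:{m['dport']}"}
    if source == "ids" and (m := IDS_RE.match(line)):
        return {"ts": datetime.strptime(f"{YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f"),
                "source": "ids", "sensor": "ids", "src_ip": m["src"],
                "category": "ids_alert", "detail": f"{m['sid']} {m['msg']}"}
    return None


# Preconfigured correlation rule: within 60 s, one source address must produce at
# least three authentication failures and at least one IDS alert. The threshold
# and window are assumptions chosen for the sample.
RULES = [
    {"name": "SSH brute force corroborated by IDS",
     "window": timedelta(seconds=60),
     "require": {"auth_failure": 3, "ids_alert": 1}},
]


def correlate(events, rules=RULES):
    """Correlation step: group normalised events by source address and slide a
    time window over each group looking for the combination a rule requires."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src_ip"]].append(ev)
    alerts = []
    for src_ip, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for rule in rules:
            for i, anchor in enumerate(evs):
                window = [e for e in evs[i:] if e["ts"] - anchor["ts"] <= rule["window"]]
                counts = Counter(e["category"] for e in window)
                if all(counts[cat] >= n for cat, n in rule["require"].items()):
                    alerts.append({"rule": rule["name"], "src_ip": src_ip,
                                   "first_seen": anchor["ts"], "last_seen": window[-1]["ts"],
                                   "sources": sorted({e["source"] for e in window}),
                                   "event_count": len(window)})
                    break  # one alert per rule per source; a real SIEM also de-duplicates
    return alerts


def run_pipeline(raw_events=RAW_EVENTS):
    """Normalise every raw line, drop unparsable ones, and correlate the rest."""
    events = [ev for src, line in raw_events if (ev := normalise(src, line))]
    return events, correlate(events)


if __name__ == "__main__":
    evs, found = run_pipeline()
    print(f"{len(evs)} events normalised from {len(RAW_EVENTS)} raw lines")
    for alert in found:
        print(f"ALERT {alert['rule']}: {alert['src_ip']} ({alert['event_count']} events "
              f"from {', '.join(alert['sources'])} between {alert['first_seen']:%H:%M:%S} "
              f"and {alert['last_seen']:%H:%M:%S})")
```

The point of the common schema is that the rule never needs to know whether `src_ip` came from an sshd line, a kernel log, or a Snort alert; that is what lets one rule span three products. Note also that the SIEM alert is distinct from the IDS alert that fed it, which is the overlap the text mentions.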
IDS Response 
Although knowledge-based and behavior-based IDSs detect incidents differently, they both use an alert system. When the IDS detects an event, it triggers an alarm or alert. It can then respond using a passive or active method. A passive response logs the event and sends a notification. An active response changes the environment to block the activity (for example, by adding a firewall rule or resetting the connection) in addition to logging and sending a notification.
In some cases, you can measure a firewall's effectiveness by placing a passive IDS before the firewall and another passive IDS after the firewall. By examining the alerts in the two IDSs, you can determine what attacks the firewall is blocking in addition to determining what attacks are getting through. For the comparison to be meaningful, both sensors need the same signature set and must see all of the traffic that crosses the firewall.
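The tip above can be turned into a simple report. Here is an added Python example, not code from the study guide, that pairs alerts from the outside sensor with alerts from the inside sensor by signature, source, destination and port within a small time skew. Outside alerts with no partner were blocked by the firewall, paired alerts got through, and inside alerts with no outside partner point at traffic that never crossed the firewall (or at a sensor gap). The alerts, addresses, signature names, date and 2-second skew are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def ts(clock):
    """Build a timestamp for the constructed sample; the date is assumed."""
    return datetime.strptime(f"2023-04-08 {clock}", "%Y-%m-%d %H:%M:%S.%f")


def alert(clock, sig, src, dst, dport):
    return {"ts": ts(clock), "sig": sig, "src": src, "dst": dst, "dport": dport}


# Constructed alerts from two passive sensors running the same signature set:
# OUTSIDE sits on the untrusted side of the firewall, INSIDE on the trusted side.
OUTSIDE = [
    alert("10:00:01.000", "ET SCAN Potential SSH Scan", "203.0.113.7", "10.0.0.5", 22),
    alert("10:00:03.000", "ET SCAN NMAP -sS window 1024", "203.0.113.7", "10.0.0.5", 3389),
    alert("10:00:05.000", "ET WEB_SERVER SQL Injection Attempt", "198.51.100.9", "10.0.0.8", 80),
    alert("10:00:06.000", "ET SCAN Suspicious inbound to telnet", "198.51.100.9", "10.0.0.8", 23),
    alert("10:00:40.000", "ET SCAN Potential SSH Scan", "203.0.113.7", "10.0.0.9", 22),
]
INSIDE = [
    alert("10:00:01.400", "ET SCAN Potential SSH Scan", "203.0.113.7", "10.0.0.5", 22),
    alert("10:00:05.300", "ET WEB_SERVER SQL Injection Attempt", "198.51.100.9", "10.0.0.8", 80),
    alert("10:00:30.000", "ET POLICY SMB Admin Share Access", "10.0.0.12", "10.0.0.5", 445),
]


def match_key(a):
    """Two alerts describe the same flow if signature, source, destination and port agree."""
    return (a["sig"], a["src"], a["dst"], a["dport"])


def compare_sensors(outside, inside, skew=timedelta(seconds=2)):
    """Pair each outside alert with at most one inside alert of the same flow seen
    within `skew`. Unpaired outside alerts were blocked; paired ones got through;
    inside alerts with no outside partner never crossed the firewall at all."""
    remaining = list(inside)
    blocked, passed = [], []
    for a in outside:
        partner = next((b for b in remaining
                        if match_key(b) == match_key(a) and abs(b["ts"] - a["ts"]) <= skew), None)
        if partner is None:
            blocked.append(a)
        else:
            passed.append(a)
            remaining.remove(partner)  # consume it so one inside alert pairs only once
    return {"blocked": blocked, "passed": passed, "unexplained": remaining,
            "block_rate": len(blocked) / len(outside) if outside else None}


def summarise_by_signature(result):
    """Per-signature blocked/passed counts: the view that shows which rules the
    firewall is actually enforcing and which attacks it lets reach the inside."""
    summary = defaultdict(lambda: {"blocked": 0, "passed": 0})
    for a in result["blocked"]:
        summary[a["sig"]]["blocked"] += 1
    for a in result["passed"]:
        summary[a["sig"]]["passed"] += 1
    return dict(summary)


if __name__ == "__main__":
    res = compare_sensors(OUTSIDE, INSIDE)
    print(f"block rate: {res['block_rate']:.0%}")
    for sig, counts in summarise_by_signature(res).items():
        print(f"{sig}: blocked={counts['blocked']} passed={counts['passed']}")
    for a in res["unexplained"]:
        print(f"inside-only: {a['sig']} {a['src']} -> {a['dst']}:{a['dport']}")
```

In the constructed data the same SSH-scan signature is blocked toward one host and passed toward another, which is exactly the kind of per-destination policy gap this comparison surfaces. The inside-only SMB alert is internal lateral traffic the firewall could never have seen, so it is reported separately rather than counted against the firewall.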
Passive Response
Notifications can be sent to administrators via email, text or pager messages, or pop-up messages. In some cases, the alert can generate a report detailing the activity leading up to the event, and logs are available for administrators to get more information if needed. Many 24-hour network operations centers (NOCs) have central monitoring screens viewable by everyone in the main support center. For example, a single wall can have multiple large-screen monitors providing data on different elements of the NOC. The IDS alerts can be displayed on one of these screens to ensure that personnel are aware of the event. These instant notifications help administrators respond quickly and effectively to unwanted behavior.