8 Continuous threat detection


This chapter covers

  • Implementing a continuous monitoring system
  • Using open source solutions for continuous threat detection
  • The process of Information Security Continuous Monitoring
  • Alert threshold life cycle assessment systems
  • Strategies for continuous monitoring

The ability to detect and respond to threats in real time is critical to cybersecurity. Continuous threat detection is a proactive measure for safeguarding an organization’s data and assets against cyber threats. Phishing attacks and ransomware continuously threaten the cyber landscape. If not detected and addressed promptly, these threats can have severe implications.

This chapter discusses the details of continuous threat detection, offering guidelines on how to implement monitoring systems. We explore continuous threat detection using open source tools such as Wazuh (https://www.wazuh.com) to enhance detection capabilities, ensuring that even the most subtle anomalies are identified and addressed. By understanding and applying the right metrics, cybersecurity professionals can better evaluate the effectiveness of their threat detection systems and make better, more informed decisions to bolster their defenses.

8.1 Implementing continuous threat monitoring systems

8.1.1 Defining strategy

8.1.2 Establishing architecture, implementing data collection, and analysis

8.1.3 Responding to findings

8.2 Open source alternatives for continuous threat detection

8.3 Continuous monitoring metrics

8.3.1 Continuous monitoring metrics exercise

8.4 Understanding ATLAS

8.4.1 ATLAS methodology

8.4.2 Review and update

8.4.3 ATLAS benefits

8.5 Determining valid threat detections

8.5.1 False rejection rate

8.5.2 False acceptance rate

8.5.3 Equal error rate

8.5.4 FRR, FAR, and EER metrics

8.5.5 FRR, FAR, and EER exercise

8.6 Adverse event analysis