Security monitoring
Security monitoring is the automated, centralized process of detecting and analyzing indications of potential security threats so that appropriate action can be taken against them.
Unfortunately, traditional blocking measures (e.g. a firewall) and an adequate SIEM (Security Incident and Event Management system) are on their own no longer sufficient to protect against attacks. Security monitoring provides permanent monitoring of your IT infrastructure: tools such as Splunk correlate events in real time and visualize them to identify malicious activity, and genuine risks are prioritized so that you can take immediate action.
Use Case
Imagine one of your employees (m,f,d) logs into your company’s internal wiki from Aachen. Everything is fine. However, the same employee logs in again 10 minutes later from Berlin.
How could the employee have travelled from Aachen to Berlin in 10 minutes? Normally that is impossible, so at least one of the two logins is probably not the employee. A security monitoring tool like Splunk detects this potential security threat and raises an alarm immediately.
A first possible response is to temporarily block the account and then contact the employee. This simple but very effective measure can massively reduce, or almost completely prevent, the damage.
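The Aachen/Berlin scenario expressed as detection logic, as an added example that is not part of the original page and is not Splunk code: it runs over constructed login events with assumed city coordinates and flags consecutive logins of one user whose implied travel speed exceeds a threshold, while ignoring short hops that geolocation jitter could explain.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0

@dataclass
class Login:
    user: str
    ts: datetime
    city: str
    lat: float
    lon: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))

def impossible_travel(logins, max_speed_kmh=900.0, min_distance_km=50.0):
    """Flag consecutive logins of one user whose implied speed exceeds
    max_speed_kmh (roughly airliner speed). Hops shorter than min_distance_km
    are ignored to tolerate IP geolocation jitter."""
    by_user = {}
    for login in sorted(logins, key=lambda l: l.ts):  # chronological per user
        by_user.setdefault(login.user, []).append(login)
    alerts = []
    for user, events in by_user.items():
        for prev, cur in zip(events, events[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if km < min_distance_km:
                continue
            hours = (cur.ts - prev.ts).total_seconds() / 3600
            # Simultaneous logins from distant places count as infinite speed.
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_speed_kmh:
                alerts.append({"user": user, "from": prev.city, "to": cur.city,
                               "minutes": round(hours * 60), "distance_km": round(km)})
    return alerts

# Constructed sample events (not real data); coordinates are approximate city centres.
T0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE_LOGINS = [
    Login("alice", T0, "Aachen", 50.7753, 6.0839),
    Login("alice", T0.replace(minute=10), "Berlin", 52.5200, 13.4050),  # 10 min later
    Login("bob", T0, "Aachen", 50.7753, 6.0839),
    Login("bob", T0.replace(hour=15), "Berlin", 52.5200, 13.4050),  # 6 h later: plausible
]
```

Running `impossible_travel(SAMPLE_LOGINS)` flags only alice (about 540 km in 10 minutes); bob's 6-hour gap implies a plausible 90 km/h and passes.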
