Observation vs. Monitoring: What’s the Difference in the World of Cybersecurity

4 years ago Chris Hudson

I took note of the recent uptick in discussions about the concept of observation in the IT world and found myself compelled to come back to the topic, which I’ve touched on previously in my blog posts.

“Observability” is seemingly synonymous with “monitoring,” covering things such as metrics, traces, and logging. Observation, however, has an important distinction. IT security monitoring assumes the act of measuring and evaluating against a defined standard to identify “good” versus “bad,” whereas observability is more about gathering as much information as possible and then asking questions of the data based on experiences such as the occurrence of new events. In this way, any inconsistency can be revealed before it escalates to a full-scale data breach.

The File Integrity Monitoring Playground

In the world of security, observability has always been where File Integrity Monitoring “plays” its strongest game. The questions being asked these days make this all the more important. Gone are the days of “raw” detection being 100% effective, with increasing pressure to understand a breach in far greater detail than ever before. As the question of “can you prevent a breach” has slowly become “you may be breached, what can you do about it,” the questions that are presented by such events have become more complicated than just a simple “what did you get hit by.” To add to this pressure, external reporting requirements, brought on by increasingly thorough legal requirements and a more tech-savvy public, mean there are far more questions asked than ever before. For example, most of the data privacy acts, such as GDPR and PIPEDA, include reporting time-frames. Many civil codes also now include data breach reporting requirements. Along with that, the almost customary post-breach dip in the stock price of a publicly-traded company demonstrates the lack of confidence generated by a breach.
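The distinction drawn above (monitoring evaluates each snapshot against a defined standard; observation keeps the raw facts so new questions can be asked of them later) can be made concrete with a toy file-integrity scenario. The following is an added example, not code from the original post and not Tripwire's own product code. The three file snapshots are constructed in memory rather than read from a real filesystem, and the paths, contents and timestamps are illustrative assumptions.

```python
"""
Monitoring vs. observation on a constructed file-integrity scenario.

Monitoring: hash every file and compare it with a baseline, reporting
"added" / "modified" / "removed" verdicts.
Observation: keep every (time, path, hash) fact from every snapshot and
answer questions that were not anticipated when the baseline was built.
"""
import hashlib
from collections import defaultdict

# Constructed snapshots (time, {path: contents}); purely illustrative data.
SNAPSHOTS = [
    (100, {"/etc/passwd": b"root:x:0:0\n",
           "/bin/ls": b"ELF-ls-v1",
           "/etc/ssh/sshd_config": b"PermitRootLogin no\n"}),
    (200, {"/etc/passwd": b"root:x:0:0\n",
           "/bin/ls": b"ELF-ls-v1",
           "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",   # transient change
           "/tmp/.dropped": b"unexpected"}),                    # short-lived file
    (300, {"/etc/passwd": b"root:x:0:0\nsvc:x:1001:1001\n",
           "/bin/ls": b"ELF-ls-v1",
           "/etc/ssh/sshd_config": b"PermitRootLogin no\n"}),  # back to baseline
]


def digest(content: bytes) -> str:
    """SHA-256 of the file contents, used as the integrity fingerprint."""
    return hashlib.sha256(content).hexdigest()


# ---- Monitoring: measure against a defined standard (the baseline) ---------
def build_baseline(files):
    """The 'known good' standard: path -> hash at the time of baselining."""
    return {path: digest(data) for path, data in files.items()}


def monitor(baseline, current):
    """Return sorted (path, verdict) pairs for every deviation from baseline."""
    findings = []
    for path, data in current.items():
        if path not in baseline:
            findings.append((path, "added"))
        elif baseline[path] != digest(data):
            findings.append((path, "modified"))
    for path in baseline:
        if path not in current:
            findings.append((path, "removed"))
    return sorted(findings)


# ---- Observation: retain every fact, ask questions afterwards --------------
def record_events(snapshots):
    """Flatten all snapshots into (time, path, hash) facts; nothing is discarded."""
    return [(t, path, digest(data))
            for t, files in snapshots
            for path, data in files.items()]


def files_that_reverted(events):
    """Which files changed and later returned to an earlier state?
    A baseline comparison at the final snapshot reports nothing for these."""
    history = defaultdict(list)
    for _, path, h in sorted(events):
        history[path].append(h)
    reverted = []
    for path, hashes in history.items():
        # Collapse consecutive duplicates so only real transitions remain.
        seq = [h for i, h in enumerate(hashes) if i == 0 or h != hashes[i - 1]]
        if len(seq) >= 3 and seq[-1] in seq[:-1]:
            reverted.append(path)
    return sorted(reverted)


def short_lived_files(events):
    """Which files existed in some snapshots but not in all of them?"""
    seen = defaultdict(set)
    for t, path, _ in events:
        seen[path].add(t)
    all_times = {t for t, _, _ in events}
    return sorted(p for p, ts in seen.items() if len(ts) < len(all_times))


if __name__ == "__main__":
    baseline = build_baseline(SNAPSHOTS[0][1])
    print("monitoring at t=300:", monitor(baseline, SNAPSHOTS[2][1]))
    events = record_events(SNAPSHOTS)
    print("reverted files:", files_that_reverted(events))
    print("short-lived files:", short_lived_files(events))
```

Run against the final snapshot, `monitor` reports only the `/etc/passwd` change: the `sshd_config` edit was reverted and the temporary file is gone, so a point-in-time comparison against the standard cannot see either. The observation queries, working over the retained facts, surface both, which is the sort of after-the-fact question the text says forensic teams now need to ask.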

Back when viruses were considered the biggest threat to an organization, identification of the malware was important to prevent spread and damage. However, with the new generation of cybercrime, the goal is to seek entry, then persist and expand access. It’s no longer sufficient to know about a single infectious file or payload. Nowadays, it’s important to understand the myriad of ways that systems can subsequently be attacked.

Focusing in on Observation

As a result of all these considerations, observation starts to become a much more interesting concept, one which I see forensic experts and in-house security teams focusing on, with more complex questions and searches becoming key.

Tripwire Enterprise has always included robust, context-sensitive search functionality. This means that every page offers the ability to search for items relevant to that particular page. Along with that, the reporting tools offered as part of Tripwire Connect make the creation of new and unique searches both easier and more informative.

I’ve long been a fan of detective TV shows, and the recent explosion of “Escape Room” games has furthered this healthy obsession. Home-based puzzles have also helped me to develop these problem-solving skills. Such games offer just enough hints to constrain your question space. For instance, if you are playing a game that is based on Sherlock Holmes, it’s unlikely that you will be asked about rocket science. These all flex the creative thinking muscles. Such activities can be great team-building exercises as well as good learning experiences. (Bonus points to anyone out there who can find some good IT security-based Escape Rooms you can experience at home!)

In the IT world, we are very often asked to think creatively to explore the data generated by the machines we build. Part of this is achieved by knowing the right questions to ask. This moves the challenge to encouraging both logical and creative thinking skills. These are what we should all seek to hone this year, allowing us to truly take on observation-based security.

The post “Observation vs. Monitoring: What’s the Difference in the World of Cybersecurity” appeared first on TripWire.

Source: TripWire – Chris Hudson
