Observation vs. Monitoring: What’s the Difference in the World of Cybersecurity

4 years ago Chris Hudson

I took note of the recent uptick in discussions about the concept of observation in the IT world and found myself compelled to come back to the topic, which I’ve touched on previously in my blog posts.

“Observability” is seemingly synonymous with “monitoring,” covering things such as metrics, traces, and logging. Observation, however, has an important distinction. IT security monitoring assumes the act of measuring and evaluating against a defined standard to identify “good” versus “bad,” whereas observability is more about gathering as much information as possible and then asking questions of the data based on experiences such as the occurrence of new events. In this way, any inconsistency can be revealed before it escalates to a full-scale data breach.

The File Integrity Monitoring Playground

In the world of security, observability has always been where File Integrity Monitoring “plays” its strongest game. The questions being asked these days make this all the more important. Gone are the days of “raw” detection being 100% effective, with increasing pressure to understand a breach in far greater detail than ever before. As the question of “can you prevent a breach” has slowly become “you may be breached, what can you do about it,” the questions presented by such events have become more complicated than a simple “what did you get hit by.” To add to this pressure, external reporting requirements, brought on by increasingly thorough legal requirements and a more tech-savvy public, mean there are far more questions asked than ever before. For example, most of the data privacy acts, such as GDPR and PIPEDA, include reporting time-frames. Many civil codes also now include data breach reporting requirements. Along with that, the almost customary post-breach dip in the stock price of a publicly-traded company demonstrates the lack of confidence generated by a breach.

Back when viruses were considered the biggest threat to an organization, identification of the malware was important to prevent spread and damage. However, with the new generation of cybercrime, the goal is to seek entry, then persist and expand access. It’s no longer sufficient to know about a single infectious file or payload. Nowadays, it’s important to understand the myriad of ways that systems can subsequently be attacked.
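To make the distinction drawn above concrete (monitoring as measurement against a defined standard, observability as collecting every change with its context and asking questions of the data later), here is an added example in Python. It is not code from the original post or from Tripwire; it is a toy file-integrity checker built on a constructed in-memory "file system" and a constructed change log, with invented paths, actors and timestamps. The `monitor` function gives the classic good/bad verdict against a baseline, while `EventStore.related_to` answers an observability-style question: what else did the same actor touch within a few minutes of a change to a given file, which is the kind of "persist and expand access" question the text says investigators now need to ask.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# ---- Monitoring: measure the current state against a defined standard ----

def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Snapshot of path -> SHA-256 taken while the system is in a known-good state."""
    return {path: sha256_hex(content) for path, content in files.items()}


def monitor(baseline: Dict[str, str], current: Dict[str, bytes]) -> List[dict]:
    """Classic FIM verdict per path: silent if it matches the baseline,
    otherwise 'added', 'modified' or 'deleted'. Nothing else is kept."""
    findings = []
    for path, expected in baseline.items():
        if path not in current:
            findings.append({"path": path, "verdict": "deleted"})
        elif sha256_hex(current[path]) != expected:
            findings.append({"path": path, "verdict": "modified"})
    for path in current:
        if path not in baseline:
            findings.append({"path": path, "verdict": "added"})
    return sorted(findings, key=lambda f: f["path"])


# ---- Observability: record every change with its context, decide later ----

@dataclass(frozen=True)
class FileEvent:
    ts: datetime
    path: str
    actor: str               # account that made the change (constructed)
    process: str             # process that wrote or removed the file (constructed)
    new_hash: Optional[str]  # None when the file was deleted


class EventStore:
    """Append-only change log. No good/bad decision is made at collection time;
    questions are asked of the data afterwards."""

    def __init__(self) -> None:
        self.events: List[FileEvent] = []

    def record(self, event: FileEvent) -> None:
        self.events.append(event)

    def query(self, predicate: Callable[[FileEvent], bool]) -> List[FileEvent]:
        return [e for e in self.events if predicate(e)]

    def related_to(self, path: str, window: timedelta) -> List[FileEvent]:
        """Everything the same actor changed within `window` of a change to `path`."""
        pivots = self.query(lambda e: e.path == path)
        related = set()
        for p in pivots:
            for e in self.events:
                if e.actor == p.actor and e.path != path and abs(e.ts - p.ts) <= window:
                    related.add(e)
        return sorted(related, key=lambda e: e.ts)


# ---- Constructed sample data (not real hosts, files or accounts) ----

KNOWN_GOOD: Dict[str, bytes] = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
    "/etc/cron.d/backup": b"0 2 * * * root /usr/local/bin/backup\n",
    "/usr/local/bin/backup": b"#!/bin/sh\nrsync -a /srv /mnt/backup\n",
}
CURRENT_STATE: Dict[str, bytes] = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",           # modified
    "/usr/local/bin/backup": KNOWN_GOOD["/usr/local/bin/backup"],  # unchanged
    "/etc/cron.d/cleanup": b"0 3 * * * root /usr/local/bin/cleanup\n",  # added
}

T0 = datetime(2021, 3, 1, 2, 14, 0)
SAMPLE_EVENTS = [
    FileEvent(T0, "/etc/ssh/sshd_config", "svc-deploy", "ansible",
              sha256_hex(CURRENT_STATE["/etc/ssh/sshd_config"])),
    FileEvent(T0 + timedelta(minutes=1), "/etc/cron.d/cleanup", "svc-deploy", "ansible",
              sha256_hex(CURRENT_STATE["/etc/cron.d/cleanup"])),
    FileEvent(T0 + timedelta(minutes=2), "/etc/cron.d/backup", "svc-deploy", "rm", None),
    FileEvent(T0 + timedelta(hours=6), "/var/log/syslog", "root", "rsyslogd",
              sha256_hex(b"Mar  1 08:14:00 host rsyslogd: started\n")),
]


def run_demo():
    """Monitoring verdicts plus the observability question for the sshd_config change."""
    findings = monitor(build_baseline(KNOWN_GOOD), CURRENT_STATE)
    store = EventStore()
    for ev in SAMPLE_EVENTS:
        store.record(ev)
    related = store.related_to("/etc/ssh/sshd_config", timedelta(minutes=5))
    return findings, related


if __name__ == "__main__":
    verdicts, context = run_demo()
    for f in verdicts:
        print("monitor:", f["verdict"], f["path"])
    for e in context:
        print("related:", e.ts.time(), e.actor, e.process, e.path)
```

The monitoring half answers "is anything different from the standard?" and stops there. The event store keeps actor, process and time for every change, so the same data can later answer "what else did that actor do around the same time?", here linking the sshd_config edit to a new cron entry and the removal of the backup job by the same account, while the unrelated syslog write six hours later stays out of the picture.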

Focusing in on Observation

As a result of all these considerations, observation starts to become a much more interesting concept, one which I see forensic experts and in-house security teams focusing on, with more complex questions and searches becoming key.

Tripwire Enterprise has always included robust, context-sensitive search functionality. This means that every page offers the ability to search for items relevant to that particular page. Along with that, the reporting tools offered as part of Tripwire Connect make the creation of new and unique searches both easier and more informative.

I’ve long been a fan of detective TV shows, and the recent explosion of “Escape Room” games has furthered this healthy obsession. Home-based puzzles have also helped me to develop these problem-solving skills. Such games offer just enough hints to constrain your question space. For instance, if you are playing a game that is based on Sherlock Holmes, it’s unlikely that you will be asked about rocket science. These all flex the creative thinking muscles. Such activities can be great team-building exercises as well as good learning experiences. (Bonus points to anyone out there who can find some good IT security-based Escape Rooms you can experience at home!)

In the IT world, we are very often asked to think creatively to explore the data generated by the machines we build. Part of this is achieved by knowing the right questions to ask. This moves the challenge to encouraging both logical and creative thinking skills. These are what we should all seek to hone this year, allowing us to truly take on observation-based security.

The post “Observation vs. Monitoring: What’s the Difference in the World of Cybersecurity” appeared first on TripWire

Source:TripWire – Chris Hudson

Tags: Compliance, Government, Privacy, TripWire

Copyright © 2020 All rights reserved | NGTEdu.com