“Continuous monitoring is an important activity in assessing the security impacts on an information system resulting from planned and unplanned changes to the hardware, software, firmware, or environment of operation.”
– NIST Special Publication 800-37
A Common Framework for Automated Testing and Auditing
Continuous Monitoring refers to a common framework for continuously monitoring and auditing information technology infrastructure through frequent automated testing of security systems and policies to attest to the effectiveness of internal controls. It provides essential, up-to-date security and compliance status insights in the form of nearly real-time reporting that can be used to make immediate, cost-effective decisions that mitigate IT risk in information systems.
Adopting a Continuous Monitoring framework has many facets, can span many security tools and vendors, and includes three distinct disciplines:
CONTINUOUS TRANSACTION INSPECTION
Continuous Transaction Inspection applies multiple forensic techniques to each transaction as it is executed. These ongoing, real-time analytics give managers and executives insight into improper or fraudulent transactions. Continuous Transaction Inspection can be applied to identify network intrusions and application- or system-level attacks.
CONTINUOUS CONTROL MONITORING
Continuous Control Monitoring encompasses ongoing monitoring of operational controls to identify changes or abnormal behavior relative to predefined policy. This monitoring may include operating-system-level controls, software-application-level controls and network-level controls within their realms of responsibility.
CONTINUOUS AUDITING
Continuous Auditing involves advanced analytical tools that automate the auditing plan to extract and analyze data at specified intervals as part of a continuous auditing process. Continuous Auditing assesses the internal controls to identify conditions that do not comply with an approved best practice configuration or policy.
Achieving Continuous Monitoring
RedSeal Networks is committed to helping public and private sector organizations simplify the determination and acceptance of network security risk by enabling continuous monitoring and compliance automation. We believe that every organization can greatly benefit from continuously monitoring its controls and that these insights are required to protect critical assets, infrastructure and operations and mitigate IT risk in information systems.