If you don’t know, ask – if you know, share! ~ opensource mindset
by Marco Bravo
Detection of compromises cannot occur without visibility into the activities going on with assets. Network security analysts can view these activities in one of two places, or sometimes both: directly on the device, and in the communications going to and from the device (i.e., on the network). The first step in threat detection is knowing which activities can be seen on a device and understanding how to instrument the device to provide that visibility.
Most organizations have a dauntingly large number of endpoints to manage and monitor, but you don’t need to monitor them all. You may want to begin by monitoring your critical on-premises server infrastructure, then take what you learn from that to your cloud-based servers, all while working with your workstation support team to develop strategies for instrumenting on-premises, cloud, and mobile end-user environments. Incremental gains will deliver incremental value and important lessons.
Feel free to take it slow; just make sure that you take it steady.
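To make the two vantage points concrete, here is an added example (not from the post) that correlates host-side visibility with network-side visibility for the same activity. It parses a few constructed sshd log lines from a server and a few constructed flow records from a network sensor, then reports which events are seen on both, which only on the network, and which only on the host. The hostname, addresses, log format and the five-second correlation window are assumptions chosen for the illustration.

```python
"""Correlate host-side and network-side visibility of the same activity.

Added example: the host log lines, flow records and address of the monitored
server are all constructed for illustration and are not real data.
"""
import re
from datetime import datetime

# Constructed: what the server itself records (host-side visibility).
HOST_LOG = [
    "2024-05-01T10:00:03Z srv01 sshd[4121]: Accepted publickey for deploy from 10.0.5.20 port 51234 ssh2",
    "2024-05-01T10:00:09Z srv01 sshd[4130]: Failed password for root from 203.0.113.7 port 40022 ssh2",
]

# Constructed: what a sensor on the network records (network-side visibility).
FLOWS = [
    {"ts": "2024-05-01T10:00:02Z", "src": "10.0.5.20",   "dst": "10.0.1.5", "dport": 22, "bytes": 5120},
    {"ts": "2024-05-01T10:00:09Z", "src": "203.0.113.7", "dst": "10.0.1.5", "dport": 22, "bytes": 900},
    {"ts": "2024-05-01T10:00:15Z", "src": "198.51.100.9", "dst": "10.0.1.5", "dport": 22, "bytes": 640},
]

HOST_IP = "10.0.1.5"  # assumed address of srv01 as seen on the network

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Accepted|Failed) \S+ "
    r"for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_ts(ts: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the constructed data."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def parse_host_log(lines):
    """Turn sshd log lines into event dicts; lines that don't match are skipped."""
    events = []
    for line in lines:
        m = SSHD_RE.match(line)
        if m:
            events.append({
                "ts": parse_ts(m["ts"]),
                "outcome": m["outcome"],
                "user": m["user"],
                "src": m["src"],
            })
    return events


def correlate(host_events, flows, host_ip=HOST_IP, window_seconds=5):
    """Pair network flows to the host's SSH port with host log events from the same
    source address within the time window. Returns three lists: activity seen from
    both vantage points, seen only on the network, and seen only on the host."""
    both, network_only = [], []
    matched_events = set()
    for flow in flows:
        if flow["dst"] != host_ip or flow["dport"] != 22:
            continue  # not traffic to this host's SSH service
        flow_ts = parse_ts(flow["ts"])
        hit = None
        for i, ev in enumerate(host_events):
            if ev["src"] == flow["src"] and abs((ev["ts"] - flow_ts).total_seconds()) <= window_seconds:
                hit = i
                break
        if hit is None:
            # The network saw a connection the host never logged: either no login
            # attempt reached sshd, or host-side logging is incomplete.
            network_only.append(flow)
        else:
            matched_events.add(hit)
            both.append({"flow": flow, "event": host_events[hit]})
    host_only = [ev for i, ev in enumerate(host_events) if i not in matched_events]
    return {"both": both, "network_only": network_only, "host_only": host_only}


if __name__ == "__main__":
    result = correlate(parse_host_log(HOST_LOG), FLOWS)
    for pair in result["both"]:
        ev = pair["event"]
        print(f"both:         {ev['src']} -> {ev['outcome']} login for {ev['user']}")
    for flow in result["network_only"]:
        print(f"network only: {flow['src']} connected to port {flow['dport']} ({flow['bytes']} bytes), no host record")
    for ev in result["host_only"]:
        print(f"host only:    {ev['src']} logged on host but no flow seen")
```

Gaps in either list are the useful output: a flow the host never logged points at a blind spot in host instrumentation (or a sensor placed where it sees traffic the host does not), while a host event with no matching flow points at a blind spot in network monitoring.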
tags: network - security - endpoint - visibility