Real-Time Monitoring / Alerting
Are there any specific real-time alerts that would warrant a manual (meaning not automated e.g. IPS) action from a security perspective?
(All the firewalls I use are the TZ series.)
TKWITS
Again, it really depends on your organization's policies. If they don't have a policy, maybe one should be written up.
And frankly, a person on a forum cannot (and really should not) define your requirements. Many things can be handled automatically, as you mentioned, and I don't know how much you can get out of real-time alerting from the device itself. I also use an external SNMP monitor to generate other alerts based on things like bandwidth usage (that might require a manual response).
Disconnected
I appreciate your responses.
The focus of my question was pinned to regulatory compliance associated with NIST, so your referencing NIST was perfect. Your point on an organization's policy is certainly not lost on me (and other readers, I'm sure).
I was trying to determine what alerts (if any) would require an urgent ticket to be created and handled by a tech, instead of leveraging an automated action. The answer, as you've pointed out, isn't dependent on just technical controls/capabilities, but usually more so on any regulatory and organizational/administrative controls (policies/procedures).
Some initial items I had in mind originally were:
- The firewall becomes unresponsive / doesn't check in
- Fails over to its secondary internet connection
- Degradation and/or load exceeding, for a specified duration, the limit defined by the organization as an acceptable level
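As an added example (not from anyone in this thread), the three escalation conditions above expressed as triage logic over constructed monitor samples; the thresholds, the interface names X1/X2, and the sample telemetry are all assumptions an organization's policy would replace:

```python
from dataclasses import dataclass

# Assumed policy values (constructed for this example, not from the thread).
CHECKIN_TIMEOUT_S = 300   # no check-in for 5 minutes counts as unresponsive
LOAD_LIMIT_PCT = 85.0     # the organization's "acceptable level" of load
LOAD_DURATION_S = 600     # load must stay over the limit this long to count


@dataclass
class Sample:
    ts: int          # epoch seconds at which the monitor polled the firewall
    load_pct: float  # utilisation reported by the firewall, in percent
    wan: str         # active WAN interface (assumed: X1 primary, X2 secondary)


def failed_over(samples, primary="X1"):
    """True if any sample shows traffic on something other than the primary WAN."""
    return any(s.wan != primary for s in samples)


def sustained_overload(samples):
    """True only if load stays above LOAD_LIMIT_PCT for LOAD_DURATION_S without
    dipping below it; a momentary spike resets the timer and does not count."""
    start = None
    for s in sorted(samples, key=lambda s: s.ts):
        if s.load_pct > LOAD_LIMIT_PCT:
            start = s.ts if start is None else start
            if s.ts - start >= LOAD_DURATION_S:
                return True
        else:
            start = None
    return False


def manual_ticket_reasons(samples, now_ts, primary="X1"):
    """Return the conditions that warrant a human-handled ticket (empty if none)."""
    reasons = []
    if not samples or now_ts - max(s.ts for s in samples) > CHECKIN_TIMEOUT_S:
        reasons.append("firewall not checking in")
    if failed_over(samples, primary):
        reasons.append("failover to secondary WAN")
    if sustained_overload(samples):
        reasons.append("load over limit for defined duration")
    return reasons


def constructed_samples():
    # Constructed telemetry: load climbs and stays high, then the WAN fails over.
    return [Sample(0, 40.0, "X1"), Sample(300, 92.0, "X1"),
            Sample(600, 95.0, "X2"), Sample(900, 91.0, "X2")]
```

Automated responses (IPS blocks, bandwidth shaping) can still run in parallel; this function only decides what additionally needs a person.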
This is a loaded question and would depend on your organization's policies. Read up on NIST and other cybersecurity frameworks.
TKWITS, thanks for your reply.
Re: NIST, the only area I see that would require real-time alerting is regarding login/authentication failures (ref: AU-5(2), Response to audit processing failures).
Do you see any additional requirements I'm overlooking?
Your response was much more elegant than mine.