
Network Infrastructure Management

Establish and maintain dedicated computing resources, either physically or logically separated, for all administrative tasks or tasks requiring administrative access. The computing resources should be segmented from the enterprise's primary network and not be allowed internet access.



Network Monitoring and Defense

Centralize security event alerting across enterprise assets for log correlation and analysis. Best practice implementation requires the use of a SIEM, which includes vendor-defined event correlation alerts. A log analytics platform configured with security-relevant correlation alerts also satisfies this Safeguard.



Network Monitoring and Defense

Tune security event alerting thresholds monthly, or more frequently.



Network Monitoring and Defense

Deploy a host-based intrusion detection solution on enterprise assets, where appropriate and/or supported.



Network Monitoring and Defense

Deploy a network intrusion detection solution on enterprise assets, where appropriate. Example implementations include the use of a Network Intrusion Detection System (NIDS) or equivalent cloud service provider (CSP) service.



Network Monitoring and Defense

Perform traffic filtering between network segments, where appropriate.



Network Monitoring and Defense

Manage access control for assets remotely connecting to enterprise resources. Determine amount of access to enterprise resources based on: up-to-date anti-malware software installed, configuration compliance with the enterprise’s secure configuration process, and ensuring the operating system and applications are up-to-date.



Network Monitoring and Defense

Collect network traffic flow logs and/or network traffic to review and alert upon from network devices.



Network Monitoring and Defense

Deploy a host-based intrusion prevention solution on enterprise assets, where appropriate and/or supported. Example implementations include use of an Endpoint Detection and Response (EDR) client or host-based IPS agent.



Network Monitoring and Defense

Deploy a network intrusion prevention solution, where appropriate. Example implementations include the use of a Network Intrusion Prevention System (NIPS) or equivalent CSP service.

