Automated mechanisms exist to detect unauthorized network services and alert incident response personnel.
Automated mechanisms exist to detect unauthorized network services and alert incident response personnel.
Automated mechanisms exist to identify and alert on Indicators of Compromise (IoC).
Mechanisms exist to provide session audit capabilities that can: â–ª Capture and log all content related to a user session; and â–ª Remotely view all content related to an established user session in real time.
Mechanisms exist to provide an alternate event logging capability in the event of a failure in primary audit capability.
Mechanisms exist to coordinate sanitized event logs among external organizations to identify anomalous events when event logs are shared across organizational boundaries, without giving away sensitive or critical business data.
Mechanisms exist to share event logs with third-party organizations based on specific cross-organizational sharing agreements.
Mechanisms exist to conduct covert channel analysis to identify aspects of communications that are potential avenues for covert channels.
Mechanisms exist to detect and respond to anomalous behavior that could indicate account compromise or other malicious activities.
Mechanisms exist to monitor internal personnel activity for potential security incidents.
Mechanisms exist to monitor third-party personnel activity for potential security incidents.