From the course: CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring
Endpoint monitoring
- [Narrator] We have a tremendous number of diverse computing endpoints throughout our organizations. In addition to the many desktop and laptop computers used by individuals, and servers in our data centers in the cloud, we have mobile devices, Internet of Things sensors, and many other network-enabled devices running on our networks. These endpoints are often the first target of attackers seeking to penetrate our defenses. They target relatively unprotected endpoints in the hope that they will be able to use that access as a jumping-off point for a larger attack. This makes monitoring endpoints a crucial task for cybersecurity analysts. This monitoring should begin with the basics. Organizations are likely already monitoring processor activity, memory consumption, and file system activity for signs of operational issues. These same metrics can provide important security insight as well. For example, unexplained spikes…