Continuous Monitoring: Not Quite Constant, But a Bit Automated

Apr 05, 2016 | by RSA

Visibility is a key security element in every network environment. Without it, IT teams would be flying blind, only able to react as their vulnerabilities are exploited. Fortunately, monitoring solutions give organizations the ability to remain proactive in their security efforts. Through a combination of constant, automated, and continuous monitoring, they can maintain an ever-watchful eye on the critical systems and controls that form the digital backbone of modern business.

However, to reach a position of security through visibility, IT teams must first come to a better understanding of the distinct attributes of each monitoring strategy. This will help refine their security strategies to better focus the strengths and weaknesses of each aspect of security monitoring.

Distinctions Between Continuous, Constant, and Automated Monitoring

Continuous monitoring sounds similar to constant monitoring, and many people assume it is automated. These are common confusions when the topic is broached. The truth is that even though the differences between continuous, constant, and automated monitoring may be subtle, each has a unique spot in a comprehensive security strategy.

Constant monitoring causes the most confusion in discussions of monitoring solutions. The biggest difference between constant and continuous monitoring is a simple question of frequency. By definition, constant monitoring is a security process that never ceases. As such, these are fully automated monitoring strategies for repeatable and predictable controls. Continuous strategies, on the other hand, do not need to operate 24/7.

The frequency at which continuous assessments run varies depending on three factors: criticality, volatility, and automation. Controls that are critical to information security, reside in volatile applications, and lend themselves to automated assessment can be monitored daily. On the other end of the spectrum, controls in stable, manual applications without high security concerns can be assessed as infrequently as once a year.

As far as automated monitoring goes, it shares some common ground with continuous strategies. Whereas automated monitoring typically focuses on a reactive security approach, continuous monitoring is specifically designed as a proactive strategy. While continuous has aspects that are great candidates for automation, such as vulnerability and configuration controls, there are remaining aspects that must be manually monitored. Controls such as policy creation, new data processes, and personnel security are good examples of important controls that require a continuous monitoring strategy to maintain compliance.

Better Security Through a Well- Rounded Monitoring Strategy

After coming to a complete understanding of the differences between these three monitoring terms, IT professionals will be in a better position to grasp the full picture of security monitoring. Some controls, such as network security, are inherently volatile and require a constant monitoring process to react to immediate threats. Others with less-volatile processes, such as access control, are best addressed with an automated approach. Still, others such as patch management require continuous assessment to ensure proactive security compliance.

What it all boils down to is that visibility is essential to security, and it comes through monitoring. Continuous, constant, and automated monitoring are simply three models with which to achieve comprehensive visibility of a data environment. By understanding the specific focus of each, IT teams can refine their organizations' security strategies to include elements of the three approaches and become both reactive and proactive in their security.

Author: RSA

Category: RSA Fundamentals

Keywords: Continuous Monitoring, Security Monitoring