Best Practices - 4

Detection
  • Every day, come to the office assuming that a new vulnerability has surfaced
  • Perform routine checks of log files from firewalls, Web and application servers, IDS boxes, and performance monitors
  • Be curious, ask questions and pursue answers
  • Prioritize assets based on their value, and focus detection efforts accordingly
  • Make a list of all the security products used in the organization, and monitor the vendors' Web sites for updates
  • Update security products often—daily, if necessary
  • Know the IT infrastructure and how it behaves under normal circumstances so abnormal activities are noticeable
  • Rely on people to detect new attacks, and make sure they have the resources to fully defend the IT infrastructure