30 Days of Compliance Q&As #23: How Should I Monitor Access to my Network?

This may seem like an easy question, but it continues to be a challenge for companies.

Just last week, UK-based Morrisons supermarket chain announced that information of 100,000 employees, including bank details and addresses, was stolen and posted online. An arrest has been made. However, the thief wasn’t an outside hacker … but was an internal employee.

Preventing employee information theft

To adequately monitor the network there are a number of steps involved:

1. Define a monitoring policy
2. Understand the scope
3. Identify monitoring solutions
4. Configure solutions to collect information from assets
5. Configure solutions around reporting and alerting requirements
6. Identifythe right people and train them to competently perform monitoring

These steps align to the “People, Process, Technology” triad where removing any one will result in a failure, either sooner or later. Conversely, choosing the right approach to each of these will make a significant impact on how well you can monitor and detect issues.

Selecting the appropriate technology is very important as both the process and people will directly interact with the technology. A technology that is either too complex to support and implement or not sophisticated enough will mean you will not be able to achieve the level or monitoring required … at least not as cost effectively!

When evaluating a monitoring solution, be sure to look for the following:

• Straightforward collection of logs, application data and network flow data
• Simple implementation and scaleable architecture
• Detailed analytics and reporting
• Alerting and comprehensive correlation
• Statistical baselining and alerting
• Out-of-the-box reporting so you’re always ready for a compliance audit

Want to learn how AccelOps can help you monitor access to your network? Contact us; we’re here to help.