A Survey on Network Security Monitoring: Tools and Functionalities
Z. S. Younus
M. Alanezi
DOI: https://doi.org/10.47831/mjpas.v1i2.33
Keywords: Cybersecurity, Network Security Monitoring, SIEM, IDS, IPS.
Abstract
Cybersecurity breaches have recently become more common, with impacts ranging from minor disruption to major losses of financial resources or data. Network infrastructures are the main target of malicious activity aimed at compromising the confidentiality, integrity, and availability (CIA) of information. Network devices produce a large number of logs, and handling these logs properly is important because they record all activities and events that take place on the network's devices and applications, which is what allows abnormal behavior to be detected and prevented. Network security monitoring is the process of monitoring network devices and their traffic to detect security vulnerabilities, threats, and suspicious activities. Organizations use network security monitoring to detect and respond to cybersecurity threats quickly. Various tools are used to protect network devices, such as antivirus, firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS), but these typically operate independently. As a result, attacks cannot be identified unless logs and events from different devices and applications are correlated and managed from a centralized location. Security information and event management (SIEM) addresses this issue by raising the level of information security and data protection through centralized log management for network devices. This paper presents a survey of network security monitoring techniques, covering their functionality, contents, and tools, including traditional tools, intrusion detection and prevention systems, and SIEM. In addition, the paper introduces SIEM as the most common and advanced security tool, highlighting its functionalities and capabilities.
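The abstract's central claim is that a firewall, an IDS, and a host's authentication log each see only a fragment of an attack, and that the attack becomes visible once their events are normalized and correlated in one place. The following is an added illustration of that SIEM-style correlation; it is not code from the survey or from any SIEM product. The log formats, host names, IP addresses, and the function names (`parse_firewall`, `normalize`, `correlate`, `run`) are all constructed for the example.

```python
"""Added example: minimal SIEM-style normalization and correlation over
constructed log lines from three independent sources (firewall, IDS, host auth).
Each source is parsed into a common event tuple, the events are merged into one
timeline, and a rule fires only when events from several sources line up for
the same source IP inside a short time window."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (hypothetical formats, not any vendor's real syntax).
FIREWALL_LOGS = [
    "2024-03-01T10:00:01 fw1 DENY src=203.0.113.5 dst=192.0.2.10 dport=22",
    "2024-03-01T10:00:02 fw1 DENY src=203.0.113.5 dst=192.0.2.10 dport=23",
    "2024-03-01T10:00:03 fw1 DENY src=203.0.113.5 dst=192.0.2.10 dport=445",
    "2024-03-01T10:00:09 fw1 ALLOW src=203.0.113.5 dst=192.0.2.10 dport=22",
    "2024-03-01T10:05:00 fw1 DENY src=198.51.100.7 dst=192.0.2.10 dport=80",
]
IDS_LOGS = [
    '2024-03-01T10:00:05 ids1 ALERT sig="SSH brute force attempt" src=203.0.113.5 dst=192.0.2.10',
]
AUTH_LOGS = [
    "2024-03-01T10:00:12 srv1 sshd: Accepted password for admin from 203.0.113.5 port 51000",
    "2024-03-01T10:03:00 srv1 sshd: Accepted password for alice from 192.0.2.50 port 51001",
]

# Every parser yields the same normalized shape: (timestamp, source, event_type, src_ip).
FW_RE = re.compile(r"^(\S+) \S+ (DENY|ALLOW) src=(\S+) ")
IDS_RE = re.compile(r'^(\S+) \S+ ALERT sig="([^"]+)" src=(\S+)')
AUTH_RE = re.compile(r"^(\S+) \S+ sshd: Accepted \S+ for (\S+) from (\S+)")


def parse_firewall(line):
    m = FW_RE.match(line)
    if not m:
        return None
    ts, action, src = m.groups()
    return (datetime.fromisoformat(ts), "firewall", "fw_" + action.lower(), src)


def parse_ids(line):
    m = IDS_RE.match(line)
    if not m:
        return None
    ts, _signature, src = m.groups()
    return (datetime.fromisoformat(ts), "ids", "ids_alert", src)


def parse_auth(line):
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts, _user, src = m.groups()
    return (datetime.fromisoformat(ts), "auth", "auth_success", src)


def normalize(firewall, ids, auth):
    """Parse all three sources into one time-ordered list of events."""
    events = []
    for parser, lines in ((parse_firewall, firewall), (parse_ids, ids), (parse_auth, auth)):
        for line in lines:
            ev = parser(line)
            if ev:
                events.append(ev)
    events.sort()  # tuples sort by timestamp first
    return events


def correlate(events, window=timedelta(seconds=60), min_denies=3):
    """Raise one finding per source IP whose events inside `window` contain at
    least `min_denies` firewall denies, an IDS alert, and a successful login.
    Any one of these alone is routine; together they describe a likely compromise."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[3]].append(ev)
    findings = []
    for ip, evs in by_ip.items():
        for i, (t0, _, _, _) in enumerate(evs):
            span = [e for e in evs[i:] if e[0] - t0 <= window]
            types = [e[2] for e in span]
            if (types.count("fw_deny") >= min_denies
                    and "ids_alert" in types and "auth_success" in types):
                findings.append({
                    "src_ip": ip,
                    "start": t0,
                    "end": span[-1][0],
                    "sources": sorted({e[1] for e in span}),
                })
                break  # one finding per IP is enough
    return findings


def run():
    """Run the pipeline over the constructed logs and return the findings."""
    return correlate(normalize(FIREWALL_LOGS, IDS_LOGS, AUTH_LOGS))


if __name__ == "__main__":
    for f in run():
        print(f"{f['src_ip']}: {f['start']} -> {f['end']} seen by {', '.join(f['sources'])}")
```

Run as a script, the correlator reports only 203.0.113.5, whose deny burst, IDS alert, and subsequent accepted login fall within one minute; the lone firewall deny from 198.51.100.7 and the ordinary login from 192.0.2.50 produce nothing. Extending `normalize` to more sources is the SIEM "collection and normalization" step the survey describes, and `correlate` is the correlation rule that no single tool could apply on its own.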