An organization wants to enhance its security posture by implementing a control that passively monitors network traffic, with the intention of detecting potentially malicious activity and alerting security teams. Which of the following options is the BEST choice that fits the description of this desired control?
A network tap installed to create a mirrored copy of the ingress and egress traffic for later review
Automated aggregation of security logs to enable after-the-fact analysis of unusual activity
Periodic white-box testing of the network infrastructure by an internal security team
An intrusion detection system (IDS) configured to analyze and alert on anomalous traffic patterns
An intrusion detection system (IDS) is specifically designed for monitoring network traffic and identifying suspicious patterns that may indicate a cybersecurity threat. When an IDS detects potential malicious activity, it alerts security teams, making it the best detective control from the listed options. Although a network tap provides the means to monitor network traffic, it does so without the analysis or alerting capabilities intrinsic to an IDS. Security logs, while useful, typically require active review and analysis and do not inherently alert teams to incidents. White-box testing is a methodology used in the development phase to test internal structures or workings of an application, rather than functioning as a continuous detective control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What exactly does an Intrusion Detection System (IDS) do?
Open an interactive chat with Bash
What is the difference between a Network Tap and an IDS?
Open an interactive chat with Bash
How does an IDS differ from log aggregation in terms of security monitoring?