Security Monitoring and Attack Detection Planning Guide

Download this Solution Accelerator

Click here to download the Security Monitoring and Attack Detection Planning Guide from the Microsoft Download Center.

About This Solution Accelerator

The Security Monitoring and Attack Detection Planning Guide helps you to plan a security monitoring system on Windows-based networks that can detect attacks that originate from internal and external sources. The main aim of a security monitoring system is to identify unusual events on the network that indicate malicious activity or procedural errors.

Security monitoring provides two primary benefits for organizations of all sizes: the ability to identify attacks as they occur, and the ability to perform forensic analysis on the events that occurred before, during, and after an attack.

With the ability to detect attacks as they occur, security departments can react quickly to limit damage to the network infrastructure. Forensic data also helps investigators determine the extent of an attack. Other benefits of security monitoring include:

  • Reduced impact of attacks.
  • Faster identification of unusual patterns of behavior by security staff.
  • Audit records that help meet regulatory requirements.

Included in the Download

The Security Monitoring and Attack Detection Planning Guide includes the following component:

  • The Security Monitoring and Attack Detection Planning Guide.pdf

In More Detail

This guide consists of four chapters that focus on the essential issues and concepts to plan a security monitoring and attack detection solution. These chapters are:

Chapter 1: Introduction

This chapter provides an executive summary, introduces the business challenges and benefits, highlights the recommended audience for the guide, lists the reader prerequisites, and provides an overview of the chapters and solution scenarios included in this guide.

Chapter 2: Approaches to Security Monitoring

This chapter provides an overview of the various options for the implementation of a security monitoring and attack detection solution that uses Microsoft and third-party technologies.

Chapter 3: Issues and Requirements

This chapter describes how to correlate the scope of security monitoring to other business requirements and to the known range of potential threats and attacks to an enterprise network. It discusses the business, technical, and security challenges of how to:

  • Detect policy violations
  • Identify external attacks
  • Implement forensic analysis

This chapter defines a policy violation as any deviation from organizational policies. Finally, this chapter lists the solution requirements for a security monitoring and attack detection system.

Chapter 4: Design the Solution

This chapter provides detailed information about how to use security monitoring to detect attacks and how to archive security audit data. It describes recommended configuration settings for effective security monitoring and the changes that organizations need to make to their security policies.

This chapter also provides detailed prescriptive guidance on how to implement advanced security monitoring in large organizations. This prescriptive guidance describes how to address the issues of audit storage for high volumes of security events and how to plan attack detection in distributed networks.

Related Resources

See other Solution Accelerators that focus on security at the Security Solution Accelerators site on Microsoft TechNet.

Community and Feedback

  • Want to know what’s coming up next? Check out our Security Guidance Blog.
  • E-mail your feedback to the following address: SecWish@microsoft.com
  • If you’ve used a Solution Accelerator within your organization, please share your experience with us by completing this short survey (less than ten minutes long).

About Solution Accelerators

Solution Accelerators are authoritative resources that help IT professionals plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.

Register to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:

  • Communication & Collaboration
  • Security, Data Protection, & Recovery
  • Deployment
  • Operations & Management