An organization wants to enhance its security posture by implementing a control that passively monitors network traffic, with the intention of detecting potentially malicious activity and alerting security teams. Which of the following options is the BEST choice that fits the description of this desired control?
A network tap installed to create a mirrored copy of the ingress and egress traffic for later review
An intrusion detection system (IDS) configured to analyze and alert on anomalous traffic patterns
Automated aggregation of security logs to enable after-the-fact analysis of unusual activity
Periodic white-box testing of the network infrastructure by an internal security team
An intrusion detection system (IDS) is specifically designed for monitoring network traffic and identifying suspicious patterns that may indicate a cybersecurity threat. When an IDS detects potential malicious activity, it alerts security teams, making it the best detective control from the listed options. Although a network tap provides the means to monitor network traffic, it does so without the analysis or alerting capabilities intrinsic to an IDS. Security logs, while useful, typically require active review and analysis and do not inherently alert teams to incidents. White-box testing is a methodology used in the development phase to test internal structures or workings of an application, rather than functioning as a continuous detective control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does an Intrusion Detection System (IDS) identify malicious activity?
Open an interactive chat with Bash
What are the key differences between an IDS and an IPS?
Open an interactive chat with Bash
Why isn’t a network tap sufficient for detecting malicious activity on its own?