A security analyst implements intrusion detection sensors and automated log analysis tools. The primary purpose of these tools is to identify anomalies or disruptions in network traffic and system activities and then trigger an alert. Which type of security control does this implementation represent?
This scenario describes a detective control. Detective controls are designed to find and alert on security incidents after they have already occurred or as they are happening. Intrusion detection systems (IDS) and log analysis tools fit this description perfectly as they monitor for and report on suspicious activity, rather than stopping it outright.
Preventive controls aim to stop an incident before it happens (e.g., a firewall blocking a malicious IP address).
Corrective controls are used to limit the damage and restore systems after an incident has been detected (e.g., restoring from a backup after a ransomware attack).
Deterrent controls are meant to discourage potential attackers (e.g., warning banners).