// THREAT DETECTION AND DATA PRIVACY TERM
Security Monitoring
Security monitoring is the continuous process of observing an organization's computer systems, networks, and applications to detect suspicious activity, threats, or security incidents. Its aim is to identify potential cyberattacks or policy violations and raise alerts on them in real time.

TECHNICAL DEFINITION
Security monitoring involves the continuous collection, analysis, and correlation of security-relevant data from logs, network traffic, endpoints, and cloud environments within an IT infrastructure, in order to identify, alert on, and respond to cyber threats, vulnerabilities, and anomalous behavior. It commonly leverages SIEM, SOAR, and EDR solutions for proactive defense and incident response.
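The collect-analyze-correlate-alert loop in the definition above, shown end to end as an added example (this is illustration code, not part of the original entry or any vendor's product). It parses a constructed sample of syslog-style SSH authentication lines, groups events by source address, flags a burst of failed logins inside a short window, and escalates the alert when a successful login from the same source follows the burst. The log format, field names, threshold (5 failures) and window (1 minute) are assumptions chosen for the demonstration.

```python
"""Minimal security-monitoring pipeline: collect, parse, correlate, alert.

Added illustration, not code from the page. Input is a constructed sample of
syslog-style SSH authentication lines; the threshold, window and field names
are assumptions for the demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (documentation-range IPs, not real data).
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z host1 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 5001 ssh2
2024-05-01T10:00:03Z host1 sshd[102]: Failed password for root from 203.0.113.7 port 5002 ssh2
2024-05-01T10:00:04Z host1 sshd[103]: Failed password for root from 203.0.113.7 port 5003 ssh2
2024-05-01T10:00:06Z host1 sshd[104]: Failed password for root from 203.0.113.7 port 5004 ssh2
2024-05-01T10:00:08Z host1 sshd[105]: Failed password for root from 203.0.113.7 port 5005 ssh2
2024-05-01T10:00:09Z host1 sshd[106]: Accepted password for root from 203.0.113.7 port 5006 ssh2
2024-05-01T10:05:00Z host2 sshd[201]: Failed password for alice from 198.51.100.9 port 6001 ssh2
2024-05-01T10:05:30Z host2 sshd[202]: Accepted publickey for alice from 198.51.100.9 port 6002 ssh2
"""

# Assumed line layout: "<ISO timestamp> <host> sshd[pid]: <Failed|Accepted> <method> for [invalid user] <user> from <ip> port <n> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_events(text):
    """Collection/normalisation step: turn raw lines into structured events."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines are skipped here; a real pipeline would count them
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(d)
    return events


def correlate(events, threshold=5, window=timedelta(minutes=1)):
    """Correlation step: per source IP, find >= `threshold` failures inside
    `window`; escalate when a success from the same source follows the burst."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e["outcome"] == "Failed"]
        burst_end = None
        # Sliding window over the sorted failures for this source.
        for i in range(len(failures)):
            j = i
            while j + 1 < len(failures) and failures[j + 1]["ts"] - failures[i]["ts"] <= window:
                j += 1
            if j - i + 1 >= threshold:
                burst_end = failures[j]["ts"]
                break
        if burst_end is None:
            continue
        followed_by_success = any(
            e["outcome"] == "Accepted" and timedelta(0) <= e["ts"] - burst_end <= window
            for e in evs
        )
        alerts.append({
            "src": src,
            "severity": "high" if followed_by_success else "medium",
            "rule": "ssh_bruteforce_then_success" if followed_by_success else "ssh_bruteforce",
            "hosts": sorted({e["host"] for e in evs}),
        })
    return alerts


def run(text=SAMPLE_LOGS):
    """Alerting step: the list returned here is what a SIEM would surface."""
    return correlate(parse_events(text))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

On the sample input only the burst from 203.0.113.7 reaches the threshold, and because an accepted login follows it within the window the alert is raised at high severity; the single failure from 198.51.100.9 produces nothing. Raising the threshold or shrinking the window changes the result, which is exactly the tuning a monitoring team does to balance detection against noise.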
BACKGROUND
Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.
SYNONYMS & ALIASES
- Cyber Monitoring
- Threat Monitoring
- Security Operations Monitoring
- SIEM Monitoring
- Incident Detection
- Security Surveillance
USAGE NOTE
Effective security monitoring is fundamental to modern cybersecurity defense, enabling early detection and rapid response to mitigate the impact of breaches.
DEVELOPERS
Organizations developing technology related to Security Monitoring.
Splunk provides a comprehensive security operations suite, including SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms for real-time security monitoring, threat detection, and incident response.
Palo Alto Networks offers an extensive portfolio of security monitoring solutions, including Cortex XDR for extended detection and response across network, endpoint, and cloud, and Cortex XSIAM for autonomous security operations and SIEM capabilities.
CrowdStrike is a leader in cloud-native endpoint protection, offering the Falcon platform with advanced EDR (Endpoint Detection and Response) and XDR capabilities for continuous security monitoring, threat hunting, and incident response across various attack surfaces.
Microsoft provides a range of security monitoring solutions, including Microsoft Sentinel, a cloud-native SIEM and SOAR platform, and Microsoft Defender for Endpoint, offering advanced EDR and threat intelligence for security operations.
IBM Security offers QRadar, a robust SIEM platform that provides security intelligence, analytics, and event management for real-time threat detection, anomaly detection, and compliance monitoring.
Fortinet develops a broad array of cybersecurity solutions, including FortiSIEM for integrated security information and event management, and FortiEDR for real-time endpoint protection and response, all designed for continuous security monitoring.
Rapid7 offers InsightIDR, an extended detection and response (XDR) solution that combines SIEM, EDR, and user behavior analytics (UBA) for comprehensive security monitoring, threat detection, and incident investigation.
SentinelOne provides an AI-powered security platform, Singularity, which offers autonomous XDR capabilities for real-time security monitoring, threat prevention, detection, response, and hunting across endpoints, cloud workloads, and IoT devices.