System Monitoring
Description
Monitor the system to detect attacks, indicators of compromise, and unauthorized connections.
⚠️ Risk Impact
Without monitoring, attacks go undetected until significant damage occurs.
🔧 Remediation
Enable monitoring and alerting across all systems. EchelonGraph provides a centralized security monitoring dashboard.
💀 Real-World Attack Scenario
A government cloud environment had GuardDuty enabled but no human review process for findings. Over 6 months, GuardDuty generated 2,400 findings including credential exfiltration, bitcoin mining, and unauthorized API calls — all ignored. The actual breach was discovered by a journalist investigating leaked citizen data.
💰 Cost of Non-Compliance
SolarWinds 2020 demonstrated the cost of monitoring gaps in government: $100M+ remediation. Average government breach without active monitoring: $8.2M. CISA considers SI-4 a critical control.
📋 Audit Questions
1. What monitoring tools are deployed?
2. How are monitoring alerts triaged and escalated?
3. Show evidence of responding to monitoring alerts.
4. What is your mean-time-to-detect for security incidents?
🎯 MITRE ATT&CK Mapping
⚡ Common Pitfalls
- ⛔ Monitoring tools deployed but findings not reviewed by humans
- ⛔ Alert fatigue from uncurated alert rules (too many false positives)
- ⛔ Monitoring only network traffic but not API activity and data access
📈 Business Value
Active system monitoring transforms security tools from expensive paperweights into actual defenses. The difference between collecting alerts and RESPONDING to alerts is the difference between a detected and undetected breach.
⏱️ Effort Estimate
40-80 hours for comprehensive monitoring setup including triage processes
EchelonGraph provides unified security monitoring with prioritized findings
🔗 Cross-Framework References
Automate NIST 800-53 SI-4 compliance
EchelonGraph continuously monitors this control across all your cloud accounts.