Assisting with monitoring network and systems activity for anomalous behaviour
Overview
This standard covers the competences needed to assist with monitoring computer network and system activity for anomalous behaviour in the network and endpoints.
In order to meet this standard, you are required to have the knowledge, skills and understanding necessary to undertake network monitoring processes. You will ensure that your work complies with all legal, statutory, industrial and organisational requirements, and follow applicable industry codes of practice. You will be required to work under close supervision and take responsibility for the quality and accuracy of the network monitoring work that you carry out.
This activity is likely to be undertaken by someone whose work role involves computer network security analyst work incorporating network monitoring for potential intrusion events, e.g. Junior Analysts or Junior Network Analysts. You will work within a team of analysts to collect and document information on anomalous network events. You will be competent in monitoring network and system activity, and in identifying and validating issues reported by system alarms and user-generated notifications.
Your underpinning knowledge will encompass: an understanding of the difference between intrusion detection and intrusion prevention; the fundamentals of computer network communications and routing protocols; and the steps involved in monitoring computer networks and systems, including endpoints, for irregular behaviour.
Performance criteria
You must be able to:
- monitor computer network and endpoint activity for anomalies and suspicious activities in order to detect potential intrusions
- troubleshoot and validate security issues reported by system alarms or end-users within the required timescales
- respond to intrusion incidents and alert the team in line with organisational standards
- assist in maintaining, tuning and testing Security Information and Event Management (SIEM) software to maintain its effectiveness
- assist in evaluating the operational status of network security monitoring components (including network security sensors, network scanners and tools) to identify and resolve issues
- report and document intrusions and irregular activities in line with organisational standards
- validate intrusion incidents and escalate them to the team lead
- locate and follow organisational policies and procedures to investigate and resolve possible security incidents
Knowledge and Understanding
You need to know and understand: