Many folks think that if they have great antivirus software installed on their IT systems, they must surely be protected against any virus attack. Not so! There is good antivirus software, but there is no perfect antivirus software. Most antivirus products rely on virus “signatures”, and while newer products add heuristics to catch malware that has no signature yet, there is never going to be 100% safe antivirus software.
This means that a defense in depth strategy is your best bet to avoid becoming the victim of malware or criminal attacks on your systems. A good defense in depth strategy will include rock-solid system monitoring, up-to-date system patching, intrusion detection systems and sophisticated access control mechanisms, in addition to your antivirus software.
One of the key requirements of a successful antivirus strategy is a policy-based monitoring approach that focuses on specific critical systems and uses event logs to detect policy deviations. The logs are generated based on the security policies you adopt; thus, security logging and alerting are determined by the security policies you choose for your IT system. A well-defined policy-based monitoring system will catch suspicious network traffic even when that traffic has slipped past your antivirus software and intrusion detection systems. This is but a simple example of how a defense in depth strategy reinforces your security posture and gives you assurance that one or another of the multiple layers you have put in place will thwart a malicious attack on your systems.
Your monitoring will be only as good as the security policies that dictate the monitoring criteria. Clear, precise security policies are a must for successful implementation of security monitoring. You can create security policies to ensure adherence to external mandates such as PCI-DSS, as well as to ensure security compliance by the employees of an organization.
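To make concrete what the two preceding paragraphs describe, here is a small policy-driven log monitor, added as an illustration and not taken from the original article or any product. Each security policy statement is written down as a rule (which events it governs and what counts as a deviation), and the monitor evaluates every event log line against every rule, so the alerts you get are exactly the policies you chose. The hostnames, addresses, business-hours window, approved egress list and syslog-style log lines are all constructed for the example; the format they follow is assumed, not a specific product's output.

```python
"""Policy-based monitoring over event logs (added example, not from the article).

The security policy is data: a list of PolicyRule objects. Each rule states which
events it applies to and what a deviation from the policy looks like. The monitor
parses each log line into an event and emits one alert per violated rule, so the
alerting is determined entirely by the policies you define here.
"""
import re
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, Dict, List

# Constructed syslog-style format: "<ISO timestamp> <host> <program>[pid]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[A-Za-z_-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line into fields; unparseable lines keep only the raw text."""
    m = LINE_RE.match(line)
    if not m:
        return {"ts": "", "host": "", "prog": "", "msg": line, "raw": line}
    ev = m.groupdict()
    ev["raw"] = line
    return ev


@dataclass
class PolicyRule:
    name: str                                   # the policy statement being enforced
    applies_to: str                             # regex over "program: message" selecting governed events
    is_violation: Callable[[Dict[str, str]], bool]  # True when the event deviates from the policy
    severity: str = "medium"


# Assumed organizational parameters (constructed for this example).
BUSINESS_HOURS = (time(8, 0), time(18, 0))          # interactive access window on payment hosts
PAYMENT_HOST_RE = re.compile(r"^pay-")               # hypothetical naming convention for in-scope hosts
APPROVED_EGRESS = {"10.0.9.10", "10.0.9.11"}         # hypothetical approved outbound destinations


def outside_business_hours(ev: Dict[str, str]) -> bool:
    t = datetime.fromisoformat(ev["ts"]).time()
    return not (BUSINESS_HOURS[0] <= t < BUSINESS_HOURS[1])


def egress_not_approved(ev: Dict[str, str]) -> bool:
    m = re.search(r"DST=(\S+)", ev["msg"])
    # A firewall line with no destination field cannot be judged; treat it as a deviation
    # so that malformed logging is noticed rather than silently accepted.
    return m is None or m.group(1) not in APPROVED_EGRESS


# The security policy, expressed as monitoring rules.
POLICY: List[PolicyRule] = [
    PolicyRule(
        name="No interactive logins to payment hosts outside business hours",
        applies_to=r"^sshd: Accepted ",
        is_violation=lambda ev: PAYMENT_HOST_RE.match(ev["host"]) is not None
        and outside_business_hours(ev),
        severity="high",
    ),
    PolicyRule(
        name="No direct root logins over SSH",
        applies_to=r"^sshd: Accepted \w+ for root ",
        is_violation=lambda ev: True,
        severity="high",
    ),
    PolicyRule(
        name="Servers may only reach approved egress destinations",
        applies_to=r"^kernel: OUTBOUND ",
        is_violation=egress_not_approved,
        severity="medium",
    ),
]

# Constructed sample log lines; addresses use private and documentation ranges.
SAMPLE_LOGS = [
    "2024-03-05T09:12:41 web01 sshd[1201]: Accepted publickey for deploy from 10.0.2.15 port 50122 ssh2",
    "2024-03-05T02:14:07 pay-db01 sshd[2231]: Accepted publickey for ops from 10.0.5.7 port 50123 ssh2",
    "2024-03-05T10:03:55 web02 sshd[2310]: Accepted password for root from 10.0.2.40 port 50124 ssh2",
    "2024-03-05T10:05:02 web02 kernel: OUTBOUND IN= OUT=eth0 SRC=10.0.2.20 DST=10.0.9.10 DPT=443",
    "2024-03-05T10:05:09 web02 kernel: OUTBOUND IN= OUT=eth0 SRC=10.0.2.20 DST=203.0.113.77 DPT=443",
    "2024-03-05T11:00:00 pay-db01 sshd[2400]: Failed password for admin from 10.0.5.9 port 50125 ssh2",
]


def evaluate(lines: List[str], policy: List[PolicyRule] = POLICY) -> List[Dict[str, str]]:
    """Return one alert per (event, violated rule) pair, in log order."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        subject = f"{ev['prog']}: {ev['msg']}"
        for rule in policy:
            if re.search(rule.applies_to, subject) and rule.is_violation(ev):
                alerts.append({"policy": rule.name, "severity": rule.severity,
                               "host": ev["host"], "line": line})
    return alerts


if __name__ == "__main__":
    for a in evaluate(SAMPLE_LOGS):
        print(f"[{a['severity']}] {a['host']}: {a['policy']}\n    {a['line']}")
```

Note that none of these rules depends on knowing what a particular piece of malware looks like; they fire on any deviation from the stated policy, which is what lets this layer catch activity that has already passed the antivirus and intrusion detection layers. Changing what gets alerted on is a matter of editing the policy list, which is why vague policies produce vague monitoring.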