Detect

Posted by The Beyand | 3:06 AM

A policy document is great, but what good is a policy if you can't figure out whether
anyone is following it? Much of the material in this book focuses on the Detect part of the
security wheel, since finding and identifying security vulnerabilities is a critical part of detecting violations of security policy. Other processes that fall into the Detect sphere
include the following:
Automated vulnerability scanning
Security event and information management (SEIM)
Intrusion detection systems (IDS)
Anomaly detection systems (ADS)
Security audits (including penetration testing)
This is not a book on the art of intrusion detection or forensic analysis, but we do
make several recommendations for Windows configuration settings throughout this
book that will enable a strong detective controls regime. Don't forget to review the logs
you keep in a timely fashion; there's no point in keeping them otherwise.
