- NSM
  - Data in motion
  - Services: DNS, HTTP(S), SMB, RDP, FTP, SSH, etc.
  - Identifying risky or compromise-like behavior, e.g. internal recon and pivoting, C2, data exfiltration
  - NSM by layer: Layer 3/4 (IP/port), Layer 7 transaction data, Layer 7 full payload
- CSM
  - Data at rest
  - Configuration and baseline monitoring, as well as analyzing and recording information about file and registry changes, processes, and autoruns items
- SIEM
  - One place to search and alert on events