Challenge: Though the goal of real-time monitoring is to raise an alarm at the first inkling of an attack, the chances of missing an attack are still quite high.
Solution: Fortunately, granular access audits can help find the attack and reveal why it wasn't properly detected in the first place.
The CSA outlines the major components of auditing as:
1. Completeness of the required audit
2. Timely access to audit information
3. Integrity of the information
4. Authorized access to the audit information
To ensure a successful audit, build the proper techniques and technologies into your big data infrastructure, such as application logging, security information and event management (SIEM), forensics tools, and syslog enabled on routers.
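
As an added illustration (not from the CSA or the original page), the sketch below shows one way an auditor could test an audit trail against the first three components: sequence numbers for completeness, a store-delay limit for timeliness, and a chained HMAC for integrity. The record fields, key, 5-minute limit and sample events are assumptions constructed for the example; authorized access is an access-control setting on the audit store and is not shown.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: held by the log collector, not the audited hosts
MAX_LAG_S = 300                # assumption: records must reach the audit store within 5 minutes

# Constructed sample access events (epoch seconds); not from the original page.
SAMPLE = [
    {"user": "alice", "action": "read", "object": "hdfs:/finance/q1", "event_at": 1000, "stored_at": 1002},
    {"user": "bob", "action": "delete", "object": "hdfs:/finance/q1", "event_at": 1010, "stored_at": 1011},
    {"user": "alice", "action": "read", "object": "hdfs:/hr/payroll", "event_at": 1020, "stored_at": 1900},
]


def seal(records, key=KEY):
    """Writer side: number each record and chain an HMAC over the previous MAC."""
    prev, sealed = "", []
    for seq, rec in enumerate(records, start=1):
        body = dict(rec, seq=seq)
        payload = prev + json.dumps(body, sort_keys=True)
        prev = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
        sealed.append(dict(body, mac=prev))
    return sealed


def audit(sealed, key=KEY, max_lag=MAX_LAG_S):
    """Auditor side: return (seq, finding) tuples for every violated property."""
    findings, prev, expected = [], "", 1
    for rec in sealed:
        body = {k: v for k, v in rec.items() if k != "mac"}
        if body["seq"] != expected:  # a record was dropped or reordered
            findings.append((body["seq"], "completeness: gap before this record"))
        expected = body["seq"] + 1
        payload = prev + json.dumps(body, sort_keys=True)
        mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, rec["mac"]):  # content or chain was altered
            findings.append((body["seq"], "integrity: MAC mismatch"))
        prev = rec["mac"]  # continue from the stored MAC so one edit is reported once
        if body["stored_at"] - body["event_at"] > max_lag:
            findings.append((body["seq"], "timeliness: stored late"))
    return findings
```

Removing the newest records leaves the remaining chain valid, so the auditor also needs the expected last sequence number or MAC from a separate channel.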