Abstract
Software methods for network security monitoring (NSM) are discussed. With the growth and rapid development of mobile communications, rich data and artificial intelligence technologies, we are entering the era of the mobile Internet. With the continuous intellectualization of network security and infrastructure, information technology is widely used in the field of industrial control, making network security more and more open and bringing a new network security control system to the traditionally relatively closed industrial control system. Currently, there is an increase in the number of information threats and of factors leading to the unstable operation of data transmission networks. The prerequisites for this growth are the mass application of computer networks, the complication of their hierarchy and the increase in their structural complexity, the increasing heterogeneity of software and hardware, and the complication of the functionality of network services, all of which lead to the emergence of various vulnerabilities. Under such conditions, the development and improvement of methods for identifying information threats are of great importance. One of the components of ensuring the information protection of networks is software systems designed to detect harmful or suspicious activity: network security monitoring (NSM) methods. NSM techniques are used to monitor network communications for information security events. For maximum effect, capturing entire packets in combination with logging network activity is recommended. This article provides definitions of network security monitoring methods, their classification, and the phases of the method cycle with their descriptions. Some of the best-known and most widely used multi-module NSM solutions are reviewed. The best-known examples of such combinations are IDS/IPS, SEM/SIEM and UTM.
Network security monitoring is important because it checks whether the first lines of defense are working, gives us the opportunity to eliminate threats before they cause real damage if there is a vulnerability somewhere in the system, and allows us to understand where these vulnerabilities are and how to fix them before something happens.
More From: Collection of scientific works of the Military Institute of Kyiv National Taras Shevchenko University