It is important to continuously monitor for Indicators of Compromise. As firewall configurations are modified in response to changing developments in the customer network, the firewall configuration and the traffic flowing through the firewall need to be constantly watched for threats, misconfiguration, mistakes, and other issues affecting the firewall configuration. Time constraints require that this monitoring and maintenance process not be excessively time-consuming.
This activity defines the processes, manual and automated, used to perform this monitoring, maintenance, and any necessary reconfiguration based on the observations. It also covers how to verify that an Indicator of Compromise, or a group of them, conclusively indicates an issue that needs to be remedied.
This activity includes specific ongoing operational processes and reports that should be executed at set intervals (Daily, Weekly, Monthly, Real-Time event-driven).