Are you employing any next-generation persistent threat (NGPT) monitoring?
Explanation
Advanced threat detection is in scope here: whether you employ next-generation persistent threat (NGPT) monitoring built to catch sophisticated attacks that ordinary controls miss.
Next-Generation Persistent Threat (NGPT) monitoring refers to advanced security solutions that go beyond traditional signature-based detection methods to identify sophisticated attacks that may persist in your network for extended periods. These solutions typically use behavioral analysis, machine learning, and threat intelligence to detect unusual patterns that might indicate an advanced persistent threat (APT).
The question is being asked because traditional security tools (like basic firewalls and antivirus) often fail to detect sophisticated attacks that use novel techniques or zero-day vulnerabilities. Organizations with sensitive data or critical infrastructure need more advanced monitoring capabilities to identify threats that might otherwise remain hidden for months or years while extracting data or preparing for a major attack.
When answering this question, you should:
- Clearly state whether you have NGPT monitoring in place
- Describe the specific technologies or solutions you're using
- Explain how these solutions help detect sophisticated threats
- Mention any integration with your broader security operations
- Note any limitations in your current approach if applicable
Example Responses
Example Response 1
Yes, our organization employs comprehensive NGPT monitoring through our deployment of CrowdStrike Falcon EDR platform across all endpoints and servers This solution provides behavioral monitoring, machine learning-based threat detection, and real-time analysis of potential threats We supplement this with a Darktrace Enterprise Immune System deployment that uses AI to establish baseline network behavior and identify anomalies that may indicate sophisticated attacks Our Security Operations Center (SOC) monitors alerts from these systems 24/7 and follows established incident response procedures for any potential threats Additionally, we conduct regular threat hunting exercises to proactively search for indicators of compromise that might evade automated detection.
Example Response 2
Yes, we implement NGPT monitoring through a multi-layered approach We use Palo Alto Networks' Cortex XDR for endpoint detection and response, which employs behavioral analytics and machine learning to identify sophisticated threats Our network traffic is monitored by Cisco Stealthwatch, which provides network behavior analysis to detect anomalous traffic patterns that might indicate lateral movement or data exfiltration attempts These systems feed into our SIEM (Splunk Enterprise Security), where our security team correlates alerts and conducts investigations We also subscribe to threat intelligence feeds from Mandiant to enhance our detection capabilities for known APT groups and their tactics, techniques, and procedures (TTPs).
Example Response 3
No, we currently do not employ specific next-generation persistent threat monitoring solutions Our security infrastructure consists of traditional perimeter defenses including firewalls, IDS/IPS systems, and endpoint antivirus protection While these provide basic security coverage, we recognize the limitations in detecting sophisticated persistent threats We are currently evaluating several NGPT monitoring solutions including CrowdStrike Falcon and Microsoft Defender for Endpoint as part of our security roadmap for the next fiscal year In the interim, we compensate for this gap through regular vulnerability scanning, penetration testing, and security awareness training for our staff to minimize the risk of initial compromise.
Context
- Tab
- Infrastructure
- Category
- Firewalls, IDS, IPS, and Networking
Related questions
- Are you utilizing a stateful packet inspection (SPI) firewall?
- Do you have a documented policy for firewall change requests?
- Have you implemented an intrusion detection system (network-based)?
- Do you employ host-based intrusion detection?
- Are audit logs available for all changes to the network, firewall, IDS, and IPS systems?
- Is authority for firewall change approval documented? Please list approver names or titles in Additional Info.

