Does your organization have monitoring systems in place to detect malicious activities across email, web, file sharing, and collaboration services?
Explanation
Monitoring the channels attackers most often use is essential for early detection of malware delivery, phishing, and data leakage or exfiltration. Without such monitoring, malicious activity can go unnoticed until significant damage has already occurred, such as a data breach or system compromise. Effective monitoring should cover every primary communication channel, including email systems, web traffic, file sharing platforms, and collaboration tools, and should correlate events across them, since a single intrusion typically touches several (for example, a phishing email followed by a web request to the lure and an upload to an unsanctioned file-sharing site).
Evidence could include documentation of deployed security monitoring solutions (such as email security gateways, web proxies, CASB or DLP systems, and collaboration-platform audit logging), screenshots of monitoring dashboards (with sensitive information redacted), or recent security monitoring reports showing detection coverage and alert volumes across these channels.
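The following is an added illustration of what cross-channel monitoring looks like in practice; it is not part of the original page or of any named product. It runs simple detections over constructed sample events from four channels (email gateway, web proxy, file sharing, collaboration) and chains them into one incident per user when follow-on activity lands within a window after a phishing click. All field names, domains, thresholds and windows are assumptions chosen for the example.

```python
"""Cross-channel detection over constructed email, proxy, file-sharing and
collaboration events. Added example; the events below are constructed, not
real logs, and the field names, thresholds and windows are assumptions."""
from datetime import datetime, timedelta
from urllib.parse import urlparse

# --- Constructed sample events, one list per monitored channel -------------
EMAIL_LOG = [  # email security gateway: delivered messages carrying a URL
    {"ts": "2024-05-01T09:00:00", "recipient": "alice",
     "url": "https://examp1e-support.test/reset", "verdict": "delivered"},
    {"ts": "2024-05-01T09:05:00", "recipient": "bob",
     "url": "https://hr.corp.example/portal", "verdict": "delivered"},
]
PROXY_LOG = [  # web proxy: user, requested URL, bytes sent by the client
    {"ts": "2024-05-01T09:02:30", "user": "alice",
     "url": "https://examp1e-support.test/reset", "bytes_out": 1200},
    {"ts": "2024-05-01T09:06:00", "user": "bob",
     "url": "https://hr.corp.example/portal", "bytes_out": 800},
    {"ts": "2024-05-01T09:20:00", "user": "alice",
     "url": "https://drop.unsanctioned-share.test/api/upload", "bytes_out": 180_000_000},
]
FILESHARE_LOG = [  # file sharing platform audit log
    {"ts": "2024-05-01T09:15:00", "user": "alice", "action": "share_external",
     "item": "Q2-forecast.xlsx", "target": "personal@mail.test"},
    {"ts": "2024-05-01T10:00:00", "user": "bob", "action": "share_internal",
     "item": "onboarding.pdf", "target": "carol"},
]
COLLAB_LOG = [  # collaboration tool: messages that contain a link
    {"ts": "2024-05-01T09:30:00", "user": "alice", "channel": "#general",
     "url": "https://examp1e-support.test/reset"},
]

# Assumed tuning values for the example.
SANCTIONED_DOMAINS = {"corp.example", "hr.corp.example", "files.corp.example"}
UPLOAD_THRESHOLD = 50_000_000          # bytes_out above this is a large upload
CLICK_WINDOW = timedelta(hours=1)      # mail delivery -> request to lure host
FOLLOW_ON_WINDOW = timedelta(hours=2)  # click -> exfil/share/lure re-post
ZERO = timedelta(0)


def _t(s):
    return datetime.fromisoformat(s)


def _domain(url):
    return (urlparse(url).hostname or "").lower()


def phishing_clicks(email_log, proxy_log):
    """Delivered mail with a URL on a non-sanctioned host, followed by the
    recipient requesting that host through the proxy inside CLICK_WINDOW."""
    alerts = []
    for mail in email_log:
        if mail["verdict"] != "delivered" or not mail.get("url"):
            continue
        dom = _domain(mail["url"])
        if dom in SANCTIONED_DOMAINS:
            continue
        for req in proxy_log:
            delta = _t(req["ts"]) - _t(mail["ts"])
            if (req["user"] == mail["recipient"] and _domain(req["url"]) == dom
                    and ZERO <= delta <= CLICK_WINDOW):
                alerts.append({"type": "phishing_click", "user": req["user"],
                               "domain": dom, "ts": req["ts"]})
    return alerts


def suspicious_uploads(proxy_log):
    """Large outbound volume to a host that is not on the sanctioned list."""
    return [{"type": "large_upload", "user": r["user"], "domain": _domain(r["url"]),
             "bytes_out": r["bytes_out"], "ts": r["ts"]}
            for r in proxy_log
            if r["bytes_out"] >= UPLOAD_THRESHOLD
            and _domain(r["url"]) not in SANCTIONED_DOMAINS]


def external_shares(fileshare_log):
    """Files shared to an external recipient."""
    return [{"type": "external_share", "user": e["user"], "item": e["item"],
             "target": e["target"], "ts": e["ts"]}
            for e in fileshare_log if e["action"] == "share_external"]


def lure_spread(collab_log, phishing_domains):
    """A known phishing host re-posted inside a collaboration channel."""
    return [{"type": "lure_in_collab", "user": m["user"], "channel": m["channel"],
             "domain": _domain(m["url"]), "ts": m["ts"]}
            for m in collab_log
            if m.get("url") and _domain(m["url"]) in phishing_domains]


def correlate(email_log, proxy_log, fileshare_log, collab_log):
    """Attach per-channel alerts to the phishing click of the same user when
    they fall within FOLLOW_ON_WINDOW; one incident per click with follow-on."""
    clicks = phishing_clicks(email_log, proxy_log)
    phish_domains = {c["domain"] for c in clicks}
    singles = (suspicious_uploads(proxy_log) + external_shares(fileshare_log)
               + lure_spread(collab_log, phish_domains))
    incidents = []
    for click in clicks:
        follow = [a for a in singles if a["user"] == click["user"]
                  and ZERO <= _t(a["ts"]) - _t(click["ts"]) <= FOLLOW_ON_WINDOW]
        if follow:
            follow.sort(key=lambda a: a["ts"])
            exfil = any(a["type"] in {"large_upload", "external_share"} for a in follow)
            incidents.append({"user": click["user"], "entry": click,
                              "follow_on": follow,
                              "severity": "high" if exfil else "medium"})
    return incidents


if __name__ == "__main__":
    for inc in correlate(EMAIL_LOG, PROXY_LOG, FILESHARE_LOG, COLLAB_LOG):
        print(inc["severity"].upper(), inc["user"], inc["entry"]["domain"],
              [a["type"] for a in inc["follow_on"]])
```

In the constructed data only alice produces an incident: a click on the lure host two and a half minutes after delivery, followed by an external share, a large upload to an unsanctioned host, and the same lure re-posted into a channel. Bob's mail points at a sanctioned domain and his share is internal, so nothing fires for him. The value of the correlation step is that each single-channel alert on its own is low confidence, while the chain is not.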
Implementation Example
Monitor email, web, file sharing, collaboration services, and other common attack vectors to detect malware, phishing, data leaks and exfiltration, and other adverse events
ID: DE.CM-09.285
Context
- Function: DE: DETECT
- Category: DE.CM: Continuous Monitoring
- Sub-Category: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?