COM-04: Intrusion Detection and Prevention Systems
Implementation of IDS/IPS for continuous network monitoring and threat detection
Control Description
Intrusion detection systems (IDS) and/or intrusion prevention systems (IPS) are configured to provide continuous monitoring of the Company's network and early identification of potential security breaches, security threats, trends, and unusual system activities. Alert notifications are generated, logged, tracked, reported, and resolved when specific predefined conditions are met.
Plain Meaning
This control requires implementing systems that continuously monitor the network for suspicious or malicious activities. These systems should detect potential security threats in real time, generate alerts when suspicious activity is found, and optionally block or prevent malicious traffic. All alerts and activities should be logged, tracked, and resolved according to predefined procedures.
Guard Duty

Alert Management System
