A baseline of network operations and expected data flows for users and systems is established and managed
Event data are collected and correlated from multiple sources and sensors
Incident alert thresholds are established
The physical environment is monitored to detect potential cybersecurity events
Malicious code is detected
External service provider activity is monitored to detect potential cybersecurity events
Detected events are analyzed to understand attack targets and methods
Impact of events is determined
The network is monitored to detect potential cybersecurity events
Personnel activity is monitored to detect potential cybersecurity events
Unauthorized mobile code is detected
Monitoring for unauthorized personnel, connections, devices, and software is performed