Managed Security Monitoring
This is the day-to-day monitoring and interpretation of important system events throughout the network—including unauthorized behavior, malicious hacks, denial of service (DoS), anomalies, and trend analysis. It is the first step in an incident response process
This includes one-time or periodic software scans or hacking attempts in order to find vulnerabilities in a technical and logical perimeter. It generally does not assess security throughout the network, nor does it accurately reflect personnel-related exposures due to disgruntled employees, social engineering, etc. Regularly, reports are given to the client.
Conduct change management by monitoring event log to identify changes to a system that violates a formal security policy. For example, if an impersonator grants himself or herself too much administrative access to a system, it would be easily identifiable through compliance monitoring.