The best way to monitor your entire network, including critical systems and network gear, is with a comprehensive log management solution. Log management provides a way to observe your entire network and allows you to look at individual events within the context of overall network status. Let's look at how this works.
Figure 1 shows a network with a typical defense-in-depth configuration. A firewall controls traffic flowing from the Internet, an intrusion prevention system (IPS) monitors the allowed traffic, both inbound and outbound, and VLANs control the flow of traffic within the network via access control lists. Finally, the wireless access point controls access with encryption and a strong key.
One way to check that the controls are operating properly and that nothing unusual is happening on your network is to review the logs on each system of interest. In this example, the systems of interest include the firewall, the IPS, the switches, and any computer that stores or processes sensitive data. This is time consuming and frustrating, and it means looking at each log in isolation: events occurring on one device are never correlated with events occurring on other devices.
Another approach is to implement a set of monitoring tools that alert you when specific events occur. This reduces your time commitment and is far less frustrating. However, it still does not show how all monitored events, including seemingly harmless ones, might together reveal unwanted activity that reviewing individual events would miss.
My preferred approach is to collect all the logs on a central log server, correlate events, and present the results via a portal dashboard, as shown in Figure 2 (SecureWorks). This saves time by providing a single screen a security analyst can watch throughout the day, drilling deeper as necessary. It provides an overall picture of network activity by combining logs from all monitored devices. These systems can alert staff when critical issues arise. They also serve as a single point for managing all identified vulnerabilities and incidents.
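To make the correlation point concrete, here is an added example (not code from the article or from any vendor's product) of the kind of cross-device correlation a central log server performs. The log lines and their `source event key=value` format are constructed for illustration, as are the device names `fw`, `ips` and `fileserver`: each device's log looks routine on its own, but one source address appearing in all three within a few minutes is worth an analyst's attention.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from three systems of interest (firewall, IPS,
# file server). The format is hypothetical, not any vendor's real format.
SAMPLE_LOGS = [
    "2024-03-01T10:00:02 fw ACCEPT src=203.0.113.7 dst=10.0.5.20 dport=445",
    "2024-03-01T10:00:05 ips ALERT sig=SMB-SCAN src=203.0.113.7 dst=10.0.5.20",
    "2024-03-01T10:00:09 fileserver LOGIN_FAIL user=admin src=203.0.113.7",
    "2024-03-01T10:00:11 fileserver LOGIN_FAIL user=admin src=203.0.113.7",
    "2024-03-01T10:30:00 fw ACCEPT src=198.51.100.4 dst=10.0.5.20 dport=443",
    "2024-03-01T11:00:00 fileserver LOGIN_FAIL user=bob src=10.0.9.3",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>\S+) (?P<event>\S+) (?P<rest>.*)$")

def parse_line(line):
    """Parse one log line into a dict; key=value fields go into 'fields'."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable line: skip rather than crash the pipeline
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    return {"ts": datetime.fromisoformat(m.group("ts")),
            "source": m.group("source"),
            "event": m.group("event"),
            "fields": fields}

def correlate(lines, window=timedelta(minutes=5)):
    """Group events by src address and report any address that, within the
    window after its first event, shows up in the firewall, IPS and host logs.
    Reviewing each log alone would never join these three views together."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and "src" in ev["fields"]:
            by_src[ev["fields"]["src"]].append(ev)
    findings = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        first = events[0]["ts"]
        in_window = [e for e in events if e["ts"] - first <= window]
        devices = {e["source"] for e in in_window}
        if {"fw", "ips", "fileserver"} <= devices:
            findings.append({"src": src, "events": len(in_window),
                             "devices": sorted(devices)})
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE_LOGS):
        print(f"correlated activity from {f['src']}: {f['events']} events across {f['devices']}")
```

A real deployment would use a sliding window and many more event types, but the principle is the same: the finding exists only because the three logs were brought together.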
However you choose to monitor your network, make sure you do it. Don't assume your network is secure because you implemented all the appliances and software recommended by "best practice". And although it is outside the scope of this article, make sure you have a documented and practiced incident response plan.