October 23. Filtering and Monitoring
In cybersecurity, filtering and monitoring are proactive measures that act as your digital watchdogs, guarding against threats by controlling what comes in and out of your networks and systems, and by continuously observing activity for suspicious signs. These practices are essential for early threat detection and prevention.
Filtering: Filtering decides who gets into your network and who doesn't, based on a set of rules.
- Email Filtering (Anti-Spam/Anti-Phishing): Blocks unwanted or malicious emails before they reach your inbox. This includes spam, phishing attempts, and emails containing malware.
- Web Content Filtering: Prevents users from accessing known malicious websites (e.g., sites hosting malware, phishing pages) or inappropriate content. This can be used for both security and productivity.
- Firewall Filtering: Firewalls examine incoming and outgoing network traffic, allowing or blocking it based on predefined rules (e.g., blocking traffic from known malicious IP addresses, allowing only specific types of traffic).
- DNS Filtering: Blocks access to malicious domains at the Domain Name System (DNS) level, before a connection can even be established.
Monitoring: Monitoring is like a security guard constantly patrolling, looking for anything out of the ordinary. It involves continuously collecting and analysing data from various sources to detect suspicious activities, policy violations, or potential security incidents.
- System Logs: Reviewing logs from operating systems, applications, and network devices for anomalies (e.g., failed login attempts, unusual file access, unauthorised configuration changes).
- Network Traffic Monitoring: Analysing network traffic patterns for unusual spikes, connections to suspicious IP addresses, or data exfiltration.
- User Activity Monitoring: Tracking user actions, especially for privileged accounts, to detect insider threats or compromised accounts.
- Security Information and Event Management (SIEM) Systems: For organisations, SIEM solutions collect, aggregate, and analyse security logs and events from across the entire IT infrastructure, providing a centralised view for threat detection and incident response.
- Endpoint Detection and Response (EDR): Monitors activities on individual devices (endpoints) for malicious behaviour.
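As an added illustration of the log review described under System Logs (example code written for this page, not from the DfE, NCSC or any product named here), here is a small Python detector run over constructed sshd-style syslog lines. It flags a source address that racks up repeated failed logins inside a short window, and separately flags the more worrying case where a successful login follows that burst. The host name, addresses and log lines are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style syslog lines (hypothetical host and addresses, not real data).
SAMPLE_LOG = """\
Oct 23 08:01:02 srv sshd[410]: Failed password for invalid user admin from 203.0.113.9 port 5021 ssh2
Oct 23 08:01:05 srv sshd[411]: Failed password for root from 203.0.113.9 port 5022 ssh2
Oct 23 08:01:07 srv sshd[412]: Failed password for root from 203.0.113.9 port 5023 ssh2
Oct 23 08:01:09 srv sshd[413]: Failed password for root from 203.0.113.9 port 5024 ssh2
Oct 23 08:01:11 srv sshd[414]: Failed password for root from 203.0.113.9 port 5025 ssh2
Oct 23 08:01:14 srv sshd[415]: Accepted password for root from 203.0.113.9 port 5026 ssh2
Oct 23 08:30:00 srv sshd[520]: Failed password for alice from 192.0.2.40 port 6000 ssh2
Oct 23 08:30:20 srv sshd[521]: Accepted password for alice from 192.0.2.40 port 6001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse(line, year=2023):
    """Return (timestamp, result, user, source_ip), or None for lines we don't understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]

def detect(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag a source IP as 'brute_force' once it has `threshold` failures inside
    one `window`, and as 'success_after_failures' if an accepted login then
    follows that burst: the pattern a reviewer of system logs should act on."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    alerts = defaultdict(set)      # ip -> set of alert names
    for ts, result, _user, ip in filter(None, map(parse, log_text.splitlines())):
        recent = [t for t in failures[ip] if ts - t <= window]
        if result == "Failed":
            recent.append(ts)
            if len(recent) >= threshold:
                alerts[ip].add("brute_force")
        elif len(recent) >= threshold:
            alerts[ip].add("success_after_failures")
        failures[ip] = recent      # drop failures that have aged out of the window
    return {ip: sorted(names) for ip, names in alerts.items()}
```

A single failed login from 192.0.2.40 followed by success raises nothing, while the five rapid failures and then a success from 203.0.113.9 produce both alerts; the same shape of check is what a SIEM rule automates across many hosts.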
Why are filtering and monitoring crucial?
- Early Detection: They allow you to detect and respond to threats much faster, minimising potential damage.
- Prevention: Filtering actively blocks many threats before they can reach your users or systems.
- Compliance: Many regulatory frameworks require organisations to implement robust logging and monitoring capabilities.
- Forensics: Collected logs and monitoring data are invaluable for investigating security incidents and understanding how a breach occurred.
By combining proactive filtering with vigilant monitoring, you create a dynamic defence system that helps keep your digital environment safe and secure.
💡Today's Cyber Tip: Check Your Email Spam Folder (Carefully)!
Today, take a quick look at your email's spam or junk folder. While most emails there are genuine spam, occasionally real phishing attempts land there too. Don't click anything, but observe the subject lines and sender names to sharpen your phishing detection skills. Then, empty the folder.
Review the DfE Meeting Digital and Technology Standards in Schools and Colleges, which advises you to set up filtering and monitoring services to work with the network's security features enabled. We have support, guidance and trackers to help you assess and monitor your progress: https://digitalstandardstracker.co.uk/
Review the NCSC Device Security Guidance, which advises using logging and monitoring to identify threats and protect smartphones, tablets, laptops and desktops, as it is central to the identification and detection of threats to your IT systems.
Don't forget you should be collaborating with relevant staff, such as the DSL if you are a school, to ensure you have the appropriate filtering set!
Following an update in September 2023 this now also comes under Keeping Children Safe in Education:
KCSIE: Filtering, Monitoring and Privacy
How KCSIE is linked to Cyber Strategy
DPE Knowledge Bank Guidance and Support:
For schools and colleges, six of the DfE Digital Standards are now mandatory. We have a DfE Digital Standards Tracker tool to help you track your cyber resilience and your progress:
Review our Cyber Security Best Practice Area for micro learning, support, guidance and policies:
Why not have a look at our 'specialist' trainer Harry the Hacker: