Network security is a constant war. When defending against the enemy, you must know your own territory and put defense mechanisms in place.
1-A firewall is there to protect your inside network from threats on the internet. But misconfigurations and mistakes are possible. How do you detect them?
2-Policy rules on a firewall or WSA are changed, which causes some rules to be placed at the top. How do you detect this?
3-An authorized server is used with stolen credentials, and the attacker performs scanning and reconnaissance attacks. How do you detect this?
4-You are using DNS-layer security with Umbrella as the trusted DNS server, but users are using rogue DNS servers, with the risk of traffic being redirected to malicious websites. How do you detect this violation?
5-You have a huge volume of data exfiltration. How do you detect this?
6-You want to build policy segmentation on firewalls and other security products, but you don't want to disrupt critical business activities. How do you use policies without enforcing them?
7-You want to detect malware in encrypted traffic without decryption while maintaining data integrity. How do you do this?