
Beyond the Horizon: Proactive Security Monitoring Under the NIS2 Directive

February 11, 2025 - 3 minutes reading time
Article by Tycho Niestadt

The evolution of the cybersecurity landscape has placed organizations under increasing pressure to strengthen their digital infrastructure. As threat actors and their methods become more sophisticated and regulatory requirements grow stricter, the European Union's Network and Information Systems 2 (NIS2) Directive emerges as a framework for enhancing resilience within critical sectors. The directive mandates that each member state adopts a national cybersecurity strategy. In the Netherlands, NIS2 is being implemented through the Cybersecurity Act (Cbw), which includes policies for supply chain security, vulnerability management, awareness and cybersecurity education. At its core, monitoring is an important aspect, both within organizations and across the changing external threat landscape.

The Imperative of Security Monitoring

On 17 October 2024 NIS2 came into effect. A grace period is in place until the third quarter of 2025 for organizations to implement the directive. The NIS2 directive aims to elevate cybersecurity standards across the EU by requiring organizations to adopt proactive and systematic measures to prevent, detect, and respond to cyber threats. Security monitoring is part of the foundation of incident response: it supports these measures by enabling real-time detection of anomalies, rapid incident response, and a strategic understanding of external risks. Monitoring can be divided into internal and external measures.

Internal Monitoring: Protecting the Organization's Crown Assets

Security monitoring within an organization ensures that systems, networks, and sensitive data are protected from potential breaches. This can be done by configuring different solutions that, combined, give a solid overview of your assets, including the most valuable ones. Key aspects include:

Continuous Incident Response and Threat Detection:

  • Implement a Security Information and Event Management (SIEM) / Security Operations Center (SOC) solution that monitors your environment for cyber-attacks. These solutions provide the systems and professionals to aggregate and analyze logs from diverse sources and act where needed.
  • Having a good Endpoint Detection and Response (EDR) solution is crucial to contain initial footholds; it provides a dedicated detection agent that assists in monitoring your endpoint devices.

Behavioral Analysis:

  • The solutions mentioned above can assist in defining use cases that a SOC team can act on. Analyzing the behavior of systems and users can reveal early signs of compromise by a threat actor, and an earlier warning supports a more rapid response.
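As an added illustration of the SIEM use cases and behavioral analysis described above (this is example code, not part of the original article and not any vendor's product logic), the block below parses a handful of constructed sshd-style log lines and applies two detection rules a SOC team could act on: a burst of failed logins from one source within a sliding window, and, the more important signal, a successful login from a source that had just produced such a burst. Hostnames, usernames, IP addresses and timestamps are all made up; the window and threshold values are assumptions to be tuned per environment.

```python
"""Added example: minimal behavioural detection over constructed auth logs.
Not from the original article; sample data, thresholds and rule names are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in sshd/syslog style (not real logs).
SAMPLE_LOG = """\
2025-02-11T08:00:01 srv1 sshd[101]: Failed password for alice from 203.0.113.5 port 50001 ssh2
2025-02-11T08:00:03 srv1 sshd[101]: Failed password for alice from 203.0.113.5 port 50002 ssh2
2025-02-11T08:00:05 srv1 sshd[101]: Failed password for alice from 203.0.113.5 port 50003 ssh2
2025-02-11T08:00:07 srv1 sshd[101]: Failed password for alice from 203.0.113.5 port 50004 ssh2
2025-02-11T08:00:09 srv1 sshd[101]: Failed password for alice from 203.0.113.5 port 50005 ssh2
2025-02-11T08:00:12 srv1 sshd[101]: Accepted password for alice from 203.0.113.5 port 50006 ssh2
2025-02-11T08:30:00 srv1 sshd[102]: Failed password for bob from 198.51.100.9 port 40001 ssh2
2025-02-11T09:15:00 srv1 sshd[103]: Accepted publickey for bob from 198.51.100.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) \w+ for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse(log_text):
    """Turn raw lines into structured events; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "outcome": m["outcome"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect(events, window=timedelta(minutes=5), threshold=5):
    """Return alerts for two use cases:
    - brute_force: at least `threshold` failures from one IP within `window`
    - success_after_failures: an Accepted login from an IP that has at least
      `threshold` failures in the preceding `window` (the attempt may have worked)
    """
    alerts = []
    failures = defaultdict(list)  # ip -> timestamps of recent failed logins
    already_flagged = set()       # report brute_force once per source IP
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        # Drop failures that have fallen out of the sliding window.
        failures[ip] = [t for t in failures[ip] if ev["ts"] - t <= window]
        if ev["outcome"] == "Failed":
            failures[ip].append(ev["ts"])
            if len(failures[ip]) >= threshold and ip not in already_flagged:
                already_flagged.add(ip)
                alerts.append({"rule": "brute_force", "ip": ip,
                               "user": ev["user"], "ts": ev["ts"]})
        elif len(failures[ip]) >= threshold:
            alerts.append({"rule": "success_after_failures", "ip": ip,
                           "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect(parse(SAMPLE_LOG)):
        print(f"{a['ts']} {a['rule']:24} user={a['user']} ip={a['ip']}")
```

On the sample data the source 203.0.113.5 triggers both rules, while bob's single failure 45 minutes before his key-based login falls outside the window and produces nothing. In a real SIEM the same logic would run over aggregated logs from many hosts, and the `success_after_failures` alert is the one that deserves immediate triage.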

Vulnerability Management:

  • Regular scans provide information about weaknesses in the infrastructure or software, which is critical for addressing vulnerabilities and prioritizing patches.
  • Vulnerability scans help get rid of blind spots and support risk-based prioritization by delivering the evidence needed to tackle high-impact vulnerabilities first.
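To show what risk-based prioritization adds over sorting scanner output by CVSS alone, the following added example (not from the article, and not a scheme prescribed by NIS2 or the Cbw) ranks a set of constructed findings by a weighted risk score. The weights for internet exposure, asset criticality and known in-the-wild exploitation are illustrative assumptions; the CVE identifiers are placeholders, not real vulnerabilities.

```python
"""Added example: risk-based ordering of vulnerability scan findings.
Weights, findings and CVE identifiers are constructed for illustration."""
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    cve: str                  # placeholder identifier, not a real CVE
    cvss: float               # base score 0-10 as reported by the scanner
    internet_facing: bool     # from the asset inventory / external scan
    asset_criticality: int    # 1 (lab box) .. 3 (crown asset), set by the asset owner
    exploited_in_wild: bool   # e.g. flagged by a threat-intelligence feed


# Assumed multipliers; a real programme would tune these to its own risk appetite.
EXPOSURE_WEIGHT = {True: 1.5, False: 1.0}
EXPLOIT_WEIGHT = {True: 2.0, False: 1.0}


def risk_score(f: Finding) -> float:
    """Combine technical severity with business context into one number."""
    score = (f.cvss * f.asset_criticality
             * EXPOSURE_WEIGHT[f.internet_facing]
             * EXPLOIT_WEIGHT[f.exploited_in_wild])
    return round(score, 1)


def prioritize(findings):
    """Highest risk first: this is the patch order the evidence supports."""
    return sorted(findings, key=risk_score, reverse=True)


def cvss_only_order(findings):
    """Naive ordering by scanner severity, for comparison."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


# Constructed findings: hostnames and identifiers are made up.
SAMPLE_FINDINGS = [
    Finding("lab-vm-7",   "CVE-0000-0001", 9.8, False, 1, False),  # critical, isolated lab box
    Finding("web-portal", "CVE-0000-0002", 6.5, True,  3, True),   # medium, crown asset, exploited
    Finding("hr-db",      "CVE-0000-0003", 7.5, False, 3, False),
    Finding("kiosk-3",    "CVE-0000-0004", 5.0, True,  1, False),
]

if __name__ == "__main__":
    print("CVSS-only order:", [f.host for f in cvss_only_order(SAMPLE_FINDINGS)])
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{risk_score(f):6.1f}  {f.host:12} {f.cve}  cvss={f.cvss}")
```

With these weights the internet-facing, actively exploited medium-severity finding on the crown asset (`web-portal`) moves to the top, while the CVSS 9.8 finding on the isolated lab machine drops to third. That is the kind of evidence-backed ordering the bullet above refers to.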

Keeping it on track

  • To verify that the measures taken are effective, it is important to maintain detailed logs of access, changes and events and to ensure they are in compliance with NIS2. Regular audits help keep the measures in line and compliant.

External Monitoring: Understanding the Threat Landscape

In addition to internal monitoring, it is just as important to look outward, beyond your own horizon. This yields clues about what is going on in the constantly changing threat landscape. Gathering threat intelligence plays a crucial role in collecting data on known vulnerabilities, emerging attack vectors, and the tactics of known and emerging threat actors. Threat intelligence can be gathered in multiple ways; the two main sources are:

Information-sharing groups – These groups help you stay informed about industry-specific threats. Groups and services such as the Digital Trust Center (DTC), Have I Been Pwned and the National Cyber Security Centre (NCSC) help sort through large volumes of information and alert you when something is wrong. With that information, organizations can take proactive mitigating measures and reduce their attack surface.

Dark Web Monitoring – Monitoring the dark web gives you intelligence about data leaks, lost or stolen credentials and organization-specific details circulating on underground forums. This information supports proactive measures to mitigate the risks stemming from exposed information.

Benefits of Proactive Security Monitoring

The NIS2 Directive highlights the critical importance of monitoring your environment in today's interconnected world. Adopting comprehensive monitoring mechanisms and maintaining vigilance over the external threat landscape delivers significant organizational benefits, compliance and resilience. In a landscape where cyber threats are inevitable, monitoring serves as the watchtower that watches your horizon and looks beyond it. By doing so, the organization demonstrates a robust commitment to cybersecurity and empowers itself to detect, deter, and defend against the evolving dangers of the digital age.
