
Episode 129: Monitoring Computing Resources (Domain 4)

Author: Dr. Jason Edwards
Published: Mon 16 Jun 2025
Episode Link: https://share.transistor.fm/s/3ab05a0f

Monitoring is the heartbeat of any modern security operation, providing real-time visibility into systems, applications, and infrastructure. In this episode, we explore how organizations monitor computing resources for both performance and security, using tools like agents, collectors, log forwarders, and telemetry APIs. We discuss the difference between host-based and network-based monitoring, and how to build a centralized view through Security Information and Event Management (SIEM) platforms. The focus is on both proactive and reactive monitoring—identifying anomalies before they become incidents, and having the forensic data needed to investigate when something does go wrong. We also touch on key metrics such as CPU load, memory usage, disk activity, and log generation, which can indicate not just performance issues, but malicious behavior. Monitoring isn’t just watching—it’s knowing what to look for, when to alert, and how to respond.
