Security, Logging, Monitoring, and
Intrusion Detection
System audit logs are important and therefore, they are protected and retained. These
logs adhere to the applicable legal and regulatory compliance obligations. If there is a
security breach, the system audit logs ensure a unique user access accountability to detect
potentially suspicious network behaviors, file integrity anomalies, and support forensic
investigation .
The service continuously collects and monitors environment logs, which are correlated
with both public and private threat feeds to detect suspicious and unusual activities.
Also, intrusion detection devices such as honeypots are used.
Audit logs are centrally stored and retained
whenever required. The Information Security Management System (ISMS) tests the audit
logs annually and the VMware Security Operations Center monitors and reviews them
continuously.
VMware has an intrusion detection system and
other tools to monitor any deviations in production from the baseline configurations,
and generate notifications.