Which practice involves ongoing surveillance for abnormal network activity?

Ongoing surveillance for abnormal network activity is continuous monitoring, which involves continuously collecting and analyzing security data from networks, endpoints, and applications to detect deviations from normal behavior in real time. It uses tools like SIEM, IDS/IPS, EDR, and network behavior analytics to identify anomalies such as unusual traffic patterns, failed logins, or data exfiltration, and to alert or respond automatically. Incident response planning focuses on having predefined procedures to handle incidents after detection, not the ongoing observation itself; data encryption protects confidentiality rather than monitoring activity; vulnerability scanning looks for known weaknesses on a periodic basis rather than continuously watching for signs of intrusion. Continuous monitoring is the practice that embodies ongoing surveillance for abnormal network activity.