Which function of the NIST Cybersecurity Framework involves monitoring the network for active attacks?

The function within the NIST Cybersecurity Framework that involves monitoring the network for active attacks is the "Detect" function. This function focuses on identifying cybersecurity events and ensuring that appropriate activities are in place to detect potential incidents. Effective detection capabilities enable organizations to recognize anomalies and potential breaches as they occur, allowing for a timely response to mitigate any damage.

Monitoring the network plays a crucial role in this function, as it involves continuous surveillance activities, including intrusion detection systems and security information and event management (SIEM) tools. These measures help to quickly identify and respond to threats, so that the organization can detect and address potential security incidents in real time.

The other functions—Identify, Protect, and Recover—serve different purposes within the framework. The Identify function is about understanding organizational risks, Protect focuses on implementing safeguards to reduce potential impacts, and Recover involves restoring services and capabilities after a cybersecurity incident has occurred. Each function contributes to a comprehensive approach to managing cybersecurity but differs in its specific objectives and activities.
