Which type of control is designed to detect an attack while it is occurring?

Detective controls are specifically designed to identify and detect security incidents as they occur, which makes them essential for maintaining security and responsiveness in an organization. These controls provide alerts and notifications about suspicious activities or potential threats, allowing security teams to respond to incidents in real-time. Examples include intrusion detection systems (IDS), security information and event management (SIEM) systems, and logs that highlight anomaly detection.

In contrast, preventative controls aim to stop issues before they happen, such as firewalls and access control measures. Corrective controls focus on restoring systems after an incident has occurred, while compensating controls provide alternative protections when primary controls are ineffective or impractical. Therefore, in the context of this question, the best choice that fulfills the requirement of detecting ongoing attacks is indeed the detective control.