Chapter 5

Detecting System Intrusions

Scott R. Ellis, kCura Corporation, Chicago, IL, United States

Abstract

Security is the process of understanding, increasing that understanding, modifying, and communicating the level of actual risk. Detecting system intrusions, then, should not be confused with intrusion detection systems (IDSs) or intrusion prevention systems (IPSs), which often simply throw alerts without providing an explanation or a system of investigation. For that, we turn to the discipline of network security monitoring (NSM). NSM endeavors to pull together all of the resources provided by IDSs and IPSs and to provide a way to understand, measure, profile, and explore the alerts analytically and as a whole. It moves beyond the ...

Get Computer and Information Security Handbook, 3rd Edition now with the O’Reilly learning platform.
