Chapter 5

Detecting System Intrusions

Scott R. Ellis, kCura Corporation, Chicago, IL, United States

Abstract

Security is the process of understanding, increasing the understanding of, modifying, and communicating the level of actual risk. Detecting system intrusions, then, should not be confused with intrusion detection systems (IDSs) or intrusion prevention systems (IPSs), which often simply throw alerts and provide neither an explanation nor a system of investigation. For that, we turn to the discipline of network security monitoring (NSM). NSM endeavors to pull together all of the resources that IDS and IPS provide, and to offer a way to understand, measure, profile, and explore the alerts analytically and as a whole. It moves beyond the ...

Get Computer and Information Security Handbook, 3rd Edition now with O’Reilly online learning.