Incident Response Plan

Snort helps you discover and manage security-related events. Up to this point, the focus of this book has been on gathering intrusion-related data and alerting on it. The question that remains is what to do when you detect a real intrusion. Many novice security practitioners assume that they will deal with the specifics of an incident when it actually arises. The flawed logic is that each security event is unique and that any pre-planning is therefore useless. Security events are best handled by reacting according to a previously developed plan that includes all the appropriate persons. Industry best practices and established guidelines have determined that developing an incident response plan greatly reduces the negative ...
