Chapter 18. Automated and Manual Response
When we were learning how to analyze network traces, we discussed stimulus and response in detail. Now, we use the same concept but apply it at the organizational level as we consider the defensive responses available to us. The stimulus will generally be a “successful” attack or attack attempt. A successful attack, if detected, invokes an incident-handling procedure. How do we define a successful attack? In the vein of “any landing you can walk away from is a good one,” we can say “any attack that causes us to take action above our normal filtering is a successful attack.” Do you agree? If not, keep in ...
Get Network Intrusion Detection, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.