Chapter 18. Automated and Manual Response

When we were learning how to analyze network traces, we discussed stimulus and response in detail. Now, we use the same concept but apply it at the organizational level as we consider the defensive responses available to us. The stimulus will generally be a “successful” attack or attack attempt. A successful attack, if detected, invokes an incident-handling procedure. How do we define a successful attack? In the vein of “any landing you can walk away from is a good one,” we can say “any attack that causes us to take action above our normal filtering is a successful attack.” Do you agree? If not, keep in ...