Multi-Layer Intrusion Detection Systems

by Nathan Einwechter
Sept. 25, 2017, Symantec Detection & Response

A business-critical system has been breached by attackers. Responding to the event, you grab your gear and head down to where the system is. En route, a red-faced executive seemingly about to explode brushes past you in a hurry, suddenly turning around upon realizing that you are the specialist responding to the very incident that has him on the brink. Already knowing the words about to come out of his mouth, the man begins to spout, "We need this system back up immediately!! We have a major demonstration today and can NOT afford to allow this system to be down! FIX IT NOW!" Politely, you force out a "yes, sir" and head to the server room where the system is located. As you log in, you know time is against you. This paper will discuss the basics of mIDS technology, why it is potentially beneficial to implement, who should implement it, and how it works. Much of this paper is to serve as a basis upon which to build the next paper in this series.

2flash 7 months, 3 weeks ago

Immediate back-up is the first emergency measure in such cases, though a lot of other stuff should be done also - as described in the article.