OPERATIONS MANUAL: IPC - Stage One

by Hal Flynn
Sept. 17, 2017 | Symantec Detection & Response

Many ID systems can be set up to respond automatically with a predefined set of actions when specified events are detected. In that case some reasonable assessment must be carried out ahead of the incident: the business impact of highly malicious events is pre-assessed, and it is decided that the cost of a false positive is outweighed by the impact of a successful occurrence of the specified event. For example, it may be better to block the source IP address(es) when an obvious denial of service is coming at you, and some ID systems can change the access control lists in a filtering router to block or shun those addresses. Then again, some of those source addresses could be faked, spoofing a business partner's address; in that case you would be creating your own denial of service.
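The trade-off above, as an added illustration that is not code from the article: an automated shun decision that only blocks a source once it passes a pre-assessed alert threshold, never blocks addresses on a partner allowlist (since the sender may be spoofed), and caps how many addresses one run may push to the router ACL. The alert format, the allowlist, the thresholds and the sample alerts are all constructed for this example.

```python
# Added illustration, not code from the article. Alert format, partner
# allowlist and thresholds are assumptions chosen for this example.
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed: addresses the business cannot afford to block, even when they
# appear as the source of hostile traffic (the source may be spoofed).
PROTECTED = [ip_network("203.0.113.0/24"), ip_network("198.51.100.7/32")]
# Assumed: a source must exceed this many flood alerts before the response
# is automatic; below it the cost of a false positive is judged too high.
SHUN_THRESHOLD = 100
MAX_SHUNS_PER_RUN = 20  # bound the damage if the flood itself is spoofed


def decide_shuns(alerts, protected=PROTECTED,
                 threshold=SHUN_THRESHOLD, max_shuns=MAX_SHUNS_PER_RUN):
    """Return (to_block, held): sources the automated response may add to
    the router ACL, and every skipped source mapped to the reason it was
    left for a human to review instead."""
    counts = Counter(a["src"] for a in alerts if a["sig"] == "flood")
    to_block, held = [], {}
    for src, n in counts.most_common():
        if n < threshold:
            held[src] = f"below threshold ({n} < {threshold})"
        elif any(ip_address(src) in net for net in protected):
            held[src] = "protected partner address; possible spoof"
        elif len(to_block) >= max_shuns:
            held[src] = "shun cap reached; review manually"
        else:
            to_block.append(src)
    return to_block, held


# Constructed sample: a flood from one hostile host, the same flood with a
# partner address spoofed as its sender, and a source with only a few alerts.
SAMPLE_ALERTS = (
    [{"src": "192.0.2.10", "sig": "flood"}] * 250
    + [{"src": "203.0.113.5", "sig": "flood"}] * 250
    + [{"src": "192.0.2.99", "sig": "flood"}] * 5
)

if __name__ == "__main__":
    block, held = decide_shuns(SAMPLE_ALERTS)
    print("block:", block)   # ['192.0.2.10']
    print("held:", held)
```

Only the unambiguous hostile source is shunned; the spoofed partner address and the low-volume source are held for review, which is the safeguard the paragraph argues must be designed before the incident rather than during it.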

https://www.symantec.com/connect/articles/operations-manual-ipc-stage-one

2flash 2 months ago

Informative and easy to read. Just perfect! Thanks for uploading it!
