SANS Digital Forensics and Incident Response Blog: Daily Archives: Jan 10, 2011

Favoring Frameworks for Intrusion Detection and Prevention

Revealing, maturing, and utilizing indicators through their lifecycle is the analytical engine behind Security Intelligence (or, if you prefer, Intel-driven CND). Each of these actions can be enhanced with custom, FOSS, and COTS tools, but perhaps no aspect relies on tools more heavily than the act of leveraging intelligence. The data rates and sizes of today's computers and networks mean that intelligence can only be leveraged through automation; manual searching and correlation by analysts are simply impossible. Thus, the ability to codify intelligence in network and host security tools defines the limits of an organization's effective use of that intelligence.