Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
Feature
11 Mar 2025
Incident response for web application attacks
Web app security is like learning to ride a bike -- expect to struggle before getting it right. But don't be disheartened; learn from prior incidents to improve controls. Continue Reading
-
Feature
06 Mar 2025
Treasury Department hacked: Explaining how it happened
Another major cyberattack hit the U.S. Treasury, allegedly by Chinese state-sponsored hackers. Exploiting BeyondTrust software, they accessed sensitive unclassified documents. Continue Reading
-
Tip
23 Feb 2015
Introduction to intrusion detection and prevention technologies
Intrusion detection and preventions systems can be critical components to an enterprise's threat management strategy. Learn the history behind the technologies and why they are so important. Continue Reading
-
Tip
20 Feb 2015
Evaluating enterprise intrusion detection system vendors
Selecting an intrusion detection and prevention system vendor can be a time-consuming task. Get help evaluating vendors and products with this list of must-ask questions. Plus, a comprehensive vendor list. Continue Reading
-
Feature
03 Sep 2014
Introduction to Information Security: A Strategic-Based Approach
In this excerpt of Introduction to Information Security: A Strategic-Based Approach, authors Timothy J. Shimeall and Jonathan M. Spring discuss the importance of intrusion detection and prevention. Continue Reading
-
Answer
11 Feb 2014
Why TCP traffic spikes with source port zero should sound an alarm
Are spikes in TCP traffic with source port zero warning signs that future attacks are imminent? Discover why enterprises should be concerned. Continue Reading
-
News
19 Jun 2013
RSA Silver Tail improves online fraud detection, enterprise security
Fraud prevention for the Web: RSA Silver Tail sets stage for enterprise-level security with big data and brand new interface. Continue Reading
-
Answer
08 May 2013
Fiber optic networking: Assessing security risks
Matthew Pascucci discusses the potential security risks associated with fiber optic networking. Continue Reading
-
Quiz
07 Mar 2013
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Continue Reading
-
Answer
30 Jan 2013
How to implement firewall policy management with a 5-tuple firewall
Matt Pascucci explains how to implement firewall policy management for 5-tuple firewalls when ports must be kept open for business reasons. Continue Reading
-
Answer
03 May 2012
Does .cc domain malware demand domain blocking?
Learn how to deal with .cc domain malware threats found within DNS traffic. Is domain blocking at the perimeter the best defense strategy? Continue Reading
-
Tip
20 Dec 2010
ngrep: Learn how to find new malware with ngrep examples
In this video, Peter Giannoulis of the AcademyPro.com uses several ngrep examples to show how to find new malware that antivirus or IPS might not pick up on with this free tool. Continue Reading
-
Answer
11 Aug 2009
Port scan attack prevention best practices
While it's impossible to prevent against all port scanning attacks, there are best practices for port scanning security (such as a port scanning firewall) that can keep your network secure. Expert Mike Chapple weighs in. Continue Reading
-
Feature
24 Jul 2009
Rogue AP containment methods
Wireless network monitoring systems are quickly moving from detection alone to detection and prevention. In particular, many now provide options to "block" rogue devices, preventing wireless or wired network access. This tip explores how these containment features work, their potential side-effects, and what network administrators should consider before activating them. Continue Reading
-
Tip
07 May 2009
Do you need an IDS or IPS, or both?
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems. Continue Reading
-
Answer
14 Apr 2009
How to analyze a TCP and UDP network traffic spike
What does it mean when TCP and UDP network traffic spikes? Network security expert Mike Chapple explains what this means for enterprise network security management. Continue Reading
-
Answer
09 Jan 2009
What is the cause of an 'intrusion attempt' message?
Have you ever received a message from your endpoint security product stating that an intrusion attempt has been blocked? Mike Chapple gives three possibilities for the alert's likely cause. Continue Reading
-
Answer
13 Jun 2008
How to hide system information from network scanning software
Network scanning software is capable of obtaining sensitive system information. Mike Chappel explains how implementing various firewalls can stop intrusive software in its tracks. Continue Reading
-
Tip
17 Mar 2008
Intrusion detection system deployment recommendations
Before you take the time and effort to deploy an IDS, consider this advice. Continue Reading
-
Answer
09 Apr 2007
How can hackers bypass proxy servers?
Hackers are bypassing proxy servers all the time and doing so for a variety of reasons. In this SearchSecurity.com expert Q&A, Ed Skoudis points out the holes in your protective filtering tools. Continue Reading
- Quiz 18 Jul 2005
-
Quiz
18 Jul 2005
Quick Quiz: Intrusion-prevention systems
Test your knowledge of intrusion-prevention systems (IPS) with these five multiple-choice questions. Continue Reading
