
React in seconds with a network incident response plan

Marcus Ranum Published: 01 Feb 2004

We need automated response tools that go beyond fledgling IPSes.

It's 2 a.m. Saturday, and something nasty is running loose on the network. All indications are it's a fast-replicating worm powered by a zero-day exploit. Within minutes, your network traffic is spiking as the worm ravenously scans for targets. Without hesitation, a sysadmin hits the "Big Red Button," which shuts down or isolates critical portions of your network, and closes ports used by the affected service on all noncritical network segments.

Seem a little extreme? It's not entirely irrational. Allowing a worm infection could cause extensive damage and downtime. The activation of some predetermined emergency lockdown sequence could spare vast portions of your network from infection and damage. A little lost accessibility and productivity is a couple of shades better than the cost of restoring numerous systems and recovering lost data.

Security solutions are grudgingly integrating to provide rapid responses to previously unseen threats. Eventually, IDSes and firewalls will talk to each other, ...
