Are there systems out there that can establish context and deliver the goods? Yes, there are some vendors who can do this. How can you tell?
One way is to apply the following simple criteria:
Can the system perform the Three D's? Can it detect the act of intrusion and the result of intrusion? Can it apply data reduction methods to determine the best course of action? And can it defend your network by applying the ABC's of defence: Alert you on critical events, block events if required and correct systems which have been compromised?
If these questions can be answered to your satisfaction, you can be assured that such a system can provide real business value and provide you with real-time network defense.