Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
Conference Coverage
10 Apr 2026
RSAC 2026 Conference: Key news and industry analysis
Check out SearchSecurity's RSAC 2026 guide for reports on notable presentations and breaking news at the world's biggest infosec event.
By Sharon Shea, Executive Editor
-
Feature
07 Apr 2026
Agentic AI's role in amplifying and creating insider risks
AI agents might just outdo humans in causing insider risk chaos. From employees using shadow AI to rogue agents, it's time to keep humans and machines in check.
By Sharon Shea, Executive Editor
-
Answer
03 May 2012
Does .cc domain malware demand domain blocking?
Learn how to deal with .cc domain malware threats found within DNS traffic. Is domain blocking at the perimeter the best defense strategy?
-
Tip
20 Dec 2010
ngrep: Learn how to find new malware with ngrep examples
In this video, Peter Giannoulis of AcademyPro.com uses several ngrep examples to show how this free tool can find new malware that antivirus or IPS might not pick up on.
By Peter Giannoulis, Contributor
-
Answer
11 Aug 2009
Port scan attack prevention best practices
While it's impossible to prevent all port scanning attacks, there are best practices for port scanning security (such as a port scanning firewall) that can keep your network secure. Expert Mike Chapple weighs in.
By Mike Chapple, University of Notre Dame
-
Feature
24 Jul 2009
Rogue AP containment methods
Wireless network monitoring systems are quickly moving from detection alone to detection and prevention. In particular, many now provide options to "block" rogue devices, preventing wireless or wired network access. This tip explores how these containment features work, their potential side-effects, and what network administrators should consider before activating them.
-
Tip
07 May 2009
Do you need an IDS or IPS, or both?
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.
By Joel Snyder, Opus One
-
Answer
14 Apr 2009
How to analyze a TCP and UDP network traffic spike
What does it mean when TCP and UDP network traffic spikes? Network security expert Mike Chapple explains what this means for enterprise network security management.
By Mike Chapple, University of Notre Dame
-
Answer
09 Jan 2009
What is the cause of an 'intrusion attempt' message?
Have you ever received a message from your endpoint security product stating that an intrusion attempt has been blocked? Mike Chapple gives three possibilities for the alert's likely cause.
By Mike Chapple, University of Notre Dame
-
Answer
13 Jun 2008
How to hide system information from network scanning software
Network scanning software is capable of obtaining sensitive system information. Mike Chapple explains how implementing various firewalls can stop intrusive software in its tracks.
By Mike Chapple, University of Notre Dame
-
Tip
17 Mar 2008
Intrusion detection system deployment recommendations
Before you take the time and effort to deploy an IDS, consider this advice.
By Edward Yakabovicz, Contributor
-
Answer
09 Apr 2007
How can hackers bypass proxy servers?
Hackers are bypassing proxy servers all the time and doing so for a variety of reasons. In this SearchSecurity.com expert Q&A, Ed Skoudis points out the holes in your protective filtering tools.
By Ed Skoudis, SANS Technology Institute
-
Quiz
18 Jul 2005
Quick Quiz: Intrusion-prevention systems
Test your knowledge of intrusion-prevention systems (IPS) with these five multiple-choice questions.