Threat detection and response

Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.

Top Stories

Feature 30 May 2023
Vendors: Threat actor taxonomies are confusing but essential

Despite concern about the proliferation of naming taxonomies used to identify threat groups, vendors say they are crucial their understanding and visibility into threat activity. Continue Reading
News 25 May 2023
Chinese hackers targeting U.S. critical infrastructure

Microsoft uncovered a Chinese nation-state threat group that is compromising Fortinet FortiGuard devices to gain access to critical infrastructure entities in the U.S. and Guam. Continue Reading

News 16 Feb 2018

SonicWall spots Meltdown exploits with machine learning tech

SonicWall says its new deep memory inspection technology, which powers the vendor's Capture Cloud sandbox service, can block Meltdown threats and other zero-day attacks. Continue Reading
Answer 29 Jan 2018

Devil's Ivy vulnerability: How does it put IoT devices at risk?

A gSOAP flaw was found in an Axis Communications security camera and branded the Devil's Ivy vulnerability. Learn how it threatens IoT devices with expert Nick Lewis. Continue Reading
Answer 06 Sep 2017

How can enterprises secure encrypted traffic from cloud applications?

As enterprises use more cloud applications, they generate more encrypted traffic. Expert Matthew Pascucci discusses the challenges that presents for network security teams. Continue Reading
Feature 23 May 2017

Learn what breach detection system is best for your network

Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs. Continue Reading
Answer 28 Apr 2017

How does an active defense system benefit enterprise security?

Active defense systems work as deception techniques on private networks, but are they good for enterprise use? Expert Judith Myerson discusses some options. Continue Reading
Answer 17 Apr 2017

How does the PoisonTap exploit bypass password locks on computers?

The PoisonTap exploit can bypass password locks on computers, enabling an attacker to remotely control systems. Expert Nick Lewis explains how the attack works. Continue Reading
Answer 06 Apr 2017

How serious is a malicious DLL file vulnerability for enterprises?

A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability and its classification. Continue Reading
Answer 10 Mar 2017

Attack by TIFF images: What are the vulnerabilities in LibTIFF?

Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work. Continue Reading
News 17 Feb 2017

Q&A: Digging into darknet technology with Farsight's Andrew Lewman

At RSAC, former Tor Project CEO Andrew Lewman explains the latest research into darknet technology and how that tech continues to evolve as an attack vector. Continue Reading
News 10 Feb 2017

Corero: Telecom carriers have fallen behind on DDoS defense

Corero Network Security's Dave Larson talks with SearchSecurity about how DDoS defense has changed and why telecom service providers have struggled to keep up with new threats. Continue Reading
Answer 02 Feb 2017

What are the best anti-network reconnaissance tools for Linux systems?

Anti-network reconnaissance tools can prevent attackers from getting access to system information. Expert Judith Myerson goes over the best enterprise options. Continue Reading
News 26 Jan 2017

Heartbleed bug still found to affect 200,000 services on the web

Researchers found the infamous Heartbleed bug is still unpatched on as many as 200,000 services connected to the internet and experts don't expect that number to change. Continue Reading
Tip 24 Jan 2017

Monitoring outbound traffic on your network: What to look for

Outbound network traffic remains a weakness for many enterprises and is a major attack vector. Expert Kevin Beaver explains how to spot irregular occurrences in your network. Continue Reading
Buyer's Guide 21 Sep 2016

Wireless intrusion prevention systems: A buyer's guide

In this SearchSecurity buyer's guide, learn why it's important to have a wireless intrusion prevention system to protect your Wi-Fi networks and how to pick the right WIPS product. Continue Reading
Feature 29 Jul 2016

Mojo AirTight WIPS overview

Expert Karen Scarfone looks at the features and functionality of Mojo Networks' AirTight WIPS, a wireless intrusion prevention system designed to detect and block WLAN attacks. Continue Reading
Tip 18 May 2016

Why signature-based detection isn't enough for enterprises

Signature-based detection and machine learning algorithms identify malicious code and threats. Expert Michael Cobb explains how both techniques defend networks and endpoints. Continue Reading
Tip 07 Mar 2016

What enterprises need to know about Internet traffic blocking

Traffic blocking by Internet carriers has stirred up some controversy in the security industry. Expert Kevin Beaver discusses the pros and cons of blocking network traffic. Continue Reading
Feature 14 Jan 2016

The business case for vulnerability management tools

Expert Ed Tittel describes business use cases for vulnerability management tools and examines how organizations of all sizes benefit from these products. Continue Reading
Tip 21 Dec 2015

Why relying on network perimeter security alone is a failure

A network perimeter security strategy alone can no longer protect enterprises. Expert Paul Henry explains why organizations must adapt. Continue Reading
Feature 12 Nov 2015

Comparing the best intrusion prevention systems

Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization. Continue Reading
Feature 28 Oct 2015

Three criteria for selecting the right IPS products

Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization. Continue Reading
Feature 20 Oct 2015

Enterprise benefits of network intrusion prevention systems

Expert Karen Scarfone explains how most organizations can benefit from intrusion prevention systems (IPSes), specifically dedicated hardware and software IPS technologies. Continue Reading
Feature 13 Oct 2015

The basics of network intrusion prevention systems

Expert Karen Scarfone explores intrusion prevention systems and their acquisition, deployment and management within the enterprise. Continue Reading
Tip 23 Feb 2015

Final five considerations when evaluating intrusion detection tools

Before making an investment in an intrusion detection and prevention system, be sure to read this list of five final considerations to keep in mind during intrusion detection system evaluation. Continue Reading
Tip 23 Feb 2015

Introduction to intrusion detection and prevention technologies

Intrusion detection and preventions systems can be critical components to an enterprise's threat management strategy. Learn the history behind the technologies and why they are so important. Continue Reading
Tip 20 Feb 2015

Evaluating enterprise intrusion detection system vendors

Selecting an intrusion detection and prevention system vendor can be a time-consuming task. Get help evaluating vendors and products with this list of must-ask questions. Plus, a comprehensive vendor list. Continue Reading
Feature 03 Sep 2014

Introduction to Information Security: A Strategic-Based Approach

In this excerpt of Introduction to Information Security: A Strategic-Based Approach, authors Timothy J. Shimeall and Jonathan M. Spring discuss the importance of intrusion detection and prevention. Continue Reading
Answer 11 Feb 2014

Why TCP traffic spikes with source port zero should sound an alarm

Are spikes in TCP traffic with source port zero warning signs that future attacks are imminent? Discover why enterprises should be concerned. Continue Reading
News 19 Jun 2013

RSA Silver Tail improves online fraud detection, enterprise security

Fraud prevention for the Web: RSA Silver Tail sets stage for enterprise-level security with big data and brand new interface. Continue Reading
Answer 08 May 2013

Fiber optic networking: Assessing security risks

Matthew Pascucci discusses the potential security risks associated with fiber optic networking. Continue Reading
Quiz 07 Mar 2013

Quiz: Targeted attacks

Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Continue Reading
Answer 30 Jan 2013

How to implement firewall policy management with a 5-tuple firewall

Matt Pascucci explains how to implement firewall policy management for 5-tuple firewalls when ports must be kept open for business reasons. Continue Reading
Answer 03 May 2012

Does .cc domain malware demand domain blocking?

Learn how to deal with .cc domain malware threats found within DNS traffic. Is domain blocking at the perimeter the best defense strategy? Continue Reading
Tip 20 Dec 2010

ngrep: Learn how to find new malware with ngrep examples

In this video, Peter Giannoulis of the AcademyPro.com uses several ngrep examples to show how to find new malware that antivirus or IPS might not pick up on with this free tool. Continue Reading
Answer 11 Aug 2009

Port scan attack prevention best practices

While it's impossible to prevent against all port scanning attacks, there are best practices for port scanning security (such as a port scanning firewall) that can keep your network secure. Expert Mike Chapple weighs in. Continue Reading
Feature 24 Jul 2009

Rogue AP containment methods

Wireless network monitoring systems are quickly moving from detection alone to detection and prevention. In particular, many now provide options to "block" rogue devices, preventing wireless or wired network access. This tip explores how these containment features work, their potential side-effects, and what network administrators should consider before activating them. Continue Reading
Answer 14 Apr 2009

How to analyze a TCP and UDP network traffic spike

What does it mean when TCP and UDP network traffic spikes? Network security expert Mike Chapple explains what this means for enterprise network security management. Continue Reading
Answer 09 Jan 2009

What is the cause of an 'intrusion attempt' message?

Have you ever received a message from your endpoint security product stating that an intrusion attempt has been blocked? Mike Chapple gives three possibilities for the alert's likely cause. Continue Reading
Answer 13 Jun 2008

How to hide system information from network scanning software

Network scanning software is capable of obtaining sensitive system information. Mike Chappel explains how implementing various firewalls can stop intrusive software in its tracks. Continue Reading
Tip 17 Mar 2008

Intrusion detection system deployment recommendations

Before you take the time and effort to deploy an IDS, consider this advice. Continue Reading
Answer 09 Apr 2007

How can hackers bypass proxy servers?

Hackers are bypassing proxy servers all the time and doing so for a variety of reasons. In this SearchSecurity.com expert Q&A, Ed Skoudis points out the holes in your protective filtering tools. Continue Reading
Quiz 18 Jul 2005

Quick Quiz answers: IPS

Quick Quiz answers: IPS Continue Reading
Quiz 18 Jul 2005

Quick Quiz: Intrusion-prevention systems

Test your knowledge of intrusion-prevention systems (IPS) with these five multiple-choice questions. Continue Reading
Tip 05 May 2005

Where to place IDS network sensors

JP Vossen explains where to place IDS sensors. Continue Reading