Discussion on Designing a Security Incident Response System
As security events emerge in an endless stream, we have realized that only deploying intrusion detection devices and firewalls is hardly enough to constitute a satisfactory enterprise security system. Also, the enterprise security team often finds it more difficult to effectively control the increasingly complicated security situation. Traditional security products generate huge amounts of alert logs, checking of which wears security teams down. Meanwhile, security researchers put forward many a model that centers on data collection, data analysis, and response policies.