When Prevention Fails: The Role of IPS in Incident Response

Presented by

C. Matthew Curtin, Interhack, Founder

About this talk

Intrusion prevention technology is understandably focused on using network data to detect and to stop intrusions in progress. When (not if) intrusion prevention systems fail to prevent intrusions, can they provide any value to the management of an incident? Using a case study of a security incident that took an international organization offline, we will look at the IPS technology in place, the role that it played in addressing the incident, and how the incident progressed when the IPS failed to achieve its expected objectives. Lessons learned will include consideration of how to use IPS technology can better be deployed, how available data may be used to assess fast-moving situations, and how IPS technology can fit into a larger program for identifying and responding to security incidents.

Related topics:

More from this channel

Upcoming talks (12)
On-demand talks (3529)
Subscribers (181934)
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.