Integrating Traps and Deceptive Measures into Incident Response

What relationship do traps and deceptive measures have to incident response? We’ve already provided a few answers to this question (for example, that traps and deceptive measures provide more time to develop an optimal incident response strategy after an incident has been detected). This final section of the chapter addresses the question in terms of the stages of the PDCERF incident response methodology.

Detection

By now, the value of traps and deceptive measures as detection measures should be obvious. The actions of attackers who stumble onto honeypots can provide a valuable indication that an attack on one or more networks (and the systems therein) is underway. Although they do ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
