[SANS ISC] Suspicious Endpoint Containment with OSSEC
I published the following diary on isc.sans.edu: “Suspicious Endpoint Containment with OSSEC”: When a host is compromised/infected on your network, an important step in the Incident Handling process is “containment” to prevent further infections. Placing the device into a restricted environment is definitely better than powering off the system
The post [SANS ISC] Suspicious Endpoint Containment with OSSEC appeared first on /dev/random.