In IT security, as in policing the streets of our neighborhoods, one of the favorite buzzwords is “proactive.” The problem is that dealing with attacks and intrusions is something is, by its very nature, reactive. There’s a reason police are called first responders and it’s the same reason we have Computer Emergency Response teams. In most cases, the good guys are responding or reacting to actions initiated by the bad guys. That puts us a step behind and leaves us at a disadvantage. And the longer it takes for us to become aware that an attack is occurring or has occurred, the harder it is to lessen the impact and/or catch the perpetrator.
That’s why early warning systems are so important. This series of articles from Ecurosis deals with the importance and development of early warning systems for IT security and it makes great reading. Check it out here: