White Paper Abstract:
This paper explains that security administrators of traditional intrusion detection and prevention systems (IDSs/IPSs) have had difficulty effectively classifying the fidelity of IDS alarms received at the monitoring console. The accuracy of such classifications is dependent on several functions, including the sophistication of signature encoding, advanced risk-balanced rating algorithms, and target-based attack relevancy ratings. However, event correlation plays an important role in giving users information that is critical for arriving at informed decisions on how to mitigate today's sophisticated worms and viruses.