Definition
A Network Early Warning System (NEWS) is
“[a]n automated method for spotting early indicators of network-based attacks, and by correlating individual network security incidents, can help analysts determine if the site is under a large-scale or coordinated attack.”
Overview
NEWS cues the analyst to early signs of attack and can detect multisite attacks in their stages. By examining traffic data, NEWS can determine the intended targets of an attack (e.g., an attack signature containing a string such as "CMD.EXE" would indicate that the target is Microsoft Windows).
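
The correlation and target inference described above can be sketched as follows. This is an added example, not code from any NEWS implementation: the incident records are constructed, and grouping by source address, the 10-minute window, the two-site threshold and the "/BIN/SH" marker are all assumptions; only the "CMD.EXE" marker comes from the text.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Payload markers -> likely target. Only CMD.EXE is from the page; /BIN/SH is
# an assumed extra entry for illustration.
TARGET_MARKERS = {"CMD.EXE": "Microsoft Windows", "/BIN/SH": "Unix-like"}

# Constructed sample incidents: (timestamp, reporting site, source, payload).
INCIDENTS = [
    ("2024-01-10T09:00:05", "site-a", "198.51.100.7", "GET /scripts/cmd.exe"),
    ("2024-01-10T09:01:00", "site-a", "203.0.113.9", "GET /index.html"),
    ("2024-01-10T09:02:10", "site-b", "198.51.100.7", "GET /scripts/cmd.exe"),
    ("2024-01-10T09:04:00", "site-c", "198.51.100.7", "GET /SCRIPTS/CMD.EXE"),
    ("2024-01-10T09:00:00", "site-b", "192.0.2.44", "GET /cgi-bin/test?/bin/sh"),
    ("2024-01-10T11:00:00", "site-c", "192.0.2.44", "GET /cgi-bin/test?/bin/sh"),
]

def infer_target(payload):
    """Return the platform a payload marker points at, or None."""
    upper = payload.upper()
    for marker, platform in TARGET_MARKERS.items():
        if marker in upper:
            return platform
    return None

def correlate(incidents, window=timedelta(minutes=10), min_sites=2):
    """Flag sources seen at >= min_sites distinct sites within `window`."""
    by_source = defaultdict(list)
    for ts, site, src, payload in incidents:
        by_source[src].append((datetime.fromisoformat(ts), site, payload))
    alerts = []
    for src, events in sorted(by_source.items()):
        events.sort()
        best, start = [], 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            span = events[start:end + 1]
            if len({s for _, s, _ in span}) > len({s for _, s, _ in best}):
                best = span  # keep the window covering the most sites
        sites = sorted({s for _, s, _ in best})
        if len(sites) >= min_sites:
            targets = sorted({infer_target(p) for _, _, p in best} - {None})
            alerts.append({"source": src, "sites": sites, "targets": targets})
    return alerts

if __name__ == "__main__":
    for alert in correlate(INCIDENTS):
        print(alert)
```

The source that reaches two sites two hours apart is not flagged under the default window, which shows how the window choice decides what counts as coordinated.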