Because there is no absolute protection against data theft, virus and worm infections, or unauthorized access, companies must have appropriate tools available so that, when such incidents are detected, those responsible can respond appropriately. This is the domain of incident response, the response to security breaches.
An incident is an occurrence such as an intrusion into a security system, unauthorized access to a system, data theft, password spying, or the failure of a computer or storage device. Incident response is the reaction to such a security incident: a special procedure, tailored to the company's needs, in which as much information as possible about security-related incidents is collected and evaluated. The goal of these measures is to keep data loss as low as possible.
Incident response tools differ in function and can be divided into forensic tools, which look for clues, and live tools, which respond immediately to events.