4 CONSIDERATIONS FOR EVALUATING AN INTRUSION DETECTION SYSTEM


by Kent Wilson

The cybersecurity landscape is cluttered with tools, many of which are difficult to understand. This conjures up the question: do we really need that?

Usually, there is no right answer because it depends on a range of factors – the vertical market, tolerance for risk, the culture, and of course, available resources.

Today, I engage with a lot of customers and prospects in the process of evaluating cybersecurity technology. In the past decade of working with security leaders and decision makers, I have found that three key questions help put things in focus:

What am I really trying to protect?

What questions am I trying to answer about the security of my environment?

What data do I need to provide those answers?

As we work through these layered cyber defense strategies and the conversation moves to network monitoring and intrusion detection systems (IDS), there is a tendency to view these tools as part of a legacy play book. This makes sense: the IDS is one of the most mature tools in the arsenal. That said, it remains a critical building block of a defense in depth, and a modern approach to IDS technology can bring more value than ever before.

There are many considerations in choosing an IDS, and I thought it would be helpful to list several of the most applicable to the broader community. Here are four important considerations for evaluating an IDS:

1) Standalone IDS versus embedded system.

Many firewalls and routers ship with some form of IDS out of the box with a software license that can be activated. For organizations with limited technical expertise, this could be a sufficient solution that offers added protection.

However, blending these functions onto edge devices puts the resource burden of multiple functions on a single piece of hardware, which may not scale as efficiently as purpose-built devices. Additionally, an IDS embedded in a firewall is part of the quintessential "hard shell with a soft, gooey center" strategy. If malware slips by in a phishing email or on a flash drive, an IDS on the perimeter is no longer much help.

Once an adversary has made their way beyond the firewall, we cannot count on outbound command and control traffic to give away their position. Contemporary ransomware threats don't need help propagating themselves throughout the network, so it is critical to maintain 'eyes on' the traffic between those systems that matter most.

A standalone IDS can sit on the internal network as part of a layered defense, providing visibility within the enterprise around priority assets, where the fight is now likely to occur. It can be configured with a greater degree of sophistication and granularity. With compartmentalized networks, prevention or blocking can be enabled to protect sensitive data without interfering with legitimate network traffic.
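The "eyes on the traffic between the systems that matter most" idea above can be reduced to a small east-west monitoring rule. The following is an added illustration, not code from the original post or from Bricata: it models a sensor on an internal segment that knows which priority assets it protects and which peers and ports are expected to reach them, flags any other access to those assets, and separately flags a single source touching several priority assets (the propagation pattern the text warns about). The asset list, allowed peers and flow records are all constructed sample data.

```python
"""Added example: minimal east-west flow monitor for priority assets.

Everything here (asset addresses, allowed peers, sample flows) is
constructed for illustration; it is not the original post's code.
"""
import ipaddress
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    src: str    # source IP
    dst: str    # destination IP
    dport: int  # destination port
    proto: str  # transport protocol


# Constructed: the assets this internal sensor watches, and the
# (network, port) pairs that are expected to reach each of them.
PRIORITY_ASSETS = {
    "10.0.5.10": {"role": "file-server",
                  "allowed": {("10.0.1.0/24", 445), ("10.0.9.3", 22)}},
    "10.0.5.20": {"role": "database",
                  "allowed": {("10.0.2.0/24", 5432)}},
}


def _peer_allowed(src: str, dport: int, allowed) -> bool:
    """True if src/dport matches one of the asset's expected (network, port) pairs."""
    src_ip = ipaddress.ip_address(src)
    for net, port in allowed:
        # strict=False lets a bare host address act as a /32 network
        if port == dport and src_ip in ipaddress.ip_network(net, strict=False):
            return True
    return False


def inspect_flows(flows, assets=PRIORITY_ASSETS):
    """Return one alert per flow that reaches a priority asset from an
    unexpected peer or on an unexpected port. Flows to non-priority
    destinations are still visible to the sensor but produce no alert here."""
    alerts = []
    for f in flows:
        asset = assets.get(f.dst)
        if asset is None:
            continue
        if not _peer_allowed(f.src, f.dport, asset["allowed"]):
            alerts.append({"src": f.src, "dst": f.dst,
                           "dport": f.dport, "role": asset["role"]})
    return alerts


def spread_sources(flows, assets=PRIORITY_ASSETS, threshold=2):
    """Return sources that contacted at least `threshold` distinct priority
    assets, regardless of whether each individual flow was allowed. A
    single host reaching many protected systems is the internal-spread
    pattern a perimeter-only IDS would never see."""
    touched = defaultdict(set)
    for f in flows:
        if f.dst in assets:
            touched[f.src].add(f.dst)
    return sorted(src for src, dsts in touched.items() if len(dsts) >= threshold)


# Constructed sample flows as an internal sensor might summarise them.
SAMPLE_FLOWS = [
    Flow("10.0.1.15", "10.0.5.10", 445, "tcp"),   # workstation -> file server SMB: expected
    Flow("10.0.2.7", "10.0.5.20", 5432, "tcp"),   # app tier -> database: expected
    Flow("10.0.1.15", "10.0.5.20", 5432, "tcp"),  # workstation -> database: unexpected
    Flow("10.0.7.42", "10.0.5.10", 445, "tcp"),   # unknown segment -> file server: unexpected
    Flow("10.0.1.15", "10.0.3.3", 80, "tcp"),     # non-priority destination: ignored
]


if __name__ == "__main__":
    for alert in inspect_flows(SAMPLE_FLOWS):
        print("unexpected access:", alert)
    for src in spread_sources(SAMPLE_FLOWS):
        print("source touching multiple priority assets:", src)
```

The allow-list is deliberately per asset and per port: that is the "greater degree of granularity" an internal sensor offers over a perimeter device, and in a compartmentalized network the same table is what a blocking mode would enforce.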

To read the entire blog, please click here.

About Bricata
Bricata is a cybersecurity solutions provider that combines a network threat hunting platform with a comprehensive threat detection and prevention solution to help determine the true scope and severity of threats. Bricata simplifies network threat hunting by surfacing hidden threats through purpose-designed hunting workflows built on clearly presented, detailed metadata, easing the transition from known to unknown malicious activity, in conjunction with an advanced threat detection and prevention platform that convicts zero-day malware.