1. Thwart attacks on your network.




An IDPS can secure your enterprise, track regulatory compliance, enforce security policies and save money.

10 Reasons to Deploy an Intrusion Detection and Prevention System

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are relatively new technologies and, like most network-security methods, are constantly evolving to keep up with the ever-changing nature of computer threats. It was predicted that part of that evolution would be that the proactive intelligence of IPS, which actively stops security threats, would naturally supplant the passive monitoring of IDS, which simply watches for threats. Instead, companies have begun deploying the two technologies in sync, creating a more complete network security environment. In fact, you'd be hard-pressed to purchase a device that doesn't integrate IDS and IPS technologies; most vendors now offer appliances that do both, and they are often called IDPS (Intrusion Detection and Prevention Systems).

IDS and IPS become much more affordable when the technologies are integrated into a single appliance. A box that does both IDS and IPS can act almost as a virtual device, allowing you to enable IDS internally and IPS at the network perimeter. Deployed in this fashion, an IDPS offers functionality beyond stopping attacks and detecting suspiciously odd network behavior.

1. Thwart attacks on your network.

First and foremost, an IDPS is a complex security device that uses a variety of detection technologies to ferret out incoming malicious traffic and stop it before worms, Trojans, viruses and other threats can damage the health of your enterprise. If the device is set to intrusion detection only, the appliance will sound the alarm, and your network administrator can further investigate the suspicious code. If the device is set to perform intrusion prevention, then it will stop the malicious traffic the instant it recognizes it.

An IDPS can do this in a variety of ways: It can terminate the network connection or the user session that is attacking your enterprise. It can block the dangerous user account, IP address or other attacker attribute from accessing your targeted servers or other network assets. Or it can completely shut down all access to the host, service, application or whatever network asset is under siege.

Copyright 2007.

Many IDPS devices are sophisticated enough to take increasingly intelligent actions against dangerous security events. Some can stop an attack by reconfiguring, on the fly, the security controls on another network device, such as a router or a firewall, to block the attacker's access. Some can apply a patch to a host if the IDPS discovers vulnerabilities. Additionally, some can even wipe out the malicious code to defuse an attack, such as deleting an infected file attachment before forwarding an email to the user.

2. Alert a network administrator of possible security events.

When the IDPS is set to perform intrusion detection, it will notify a network administrator of any threats or security policy violations it detects. Because IDS is a passive technology, the potentially malicious traffic is allowed to continue onto the network, and it's up to the network administrator to decide if a breach has occurred. The alert can be sent as an email, a page, a message on the IDPS user interface, an SNMP (Simple Network Management Protocol) trap, a syslog message or through a user-defined program or script. In general, an alert contains just the basic data to describe the event, and the IDPS collects more specific information in reports. Depending on how carefully tuned the IDS device is, it may send hundreds of alerts - many of which inevitably turn out to be false positives - to the administrator every day. Thorough training of the device on the network's activity can vastly decrease the number of alerts it sends.

3. Meet compliance regulations.

Key to meeting and maintaining compliance with regulations such as the Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) is flawless security management - and that's one of the driving forces behind the deployment of an IDPS in many organizations, particularly in heavily regulated industries such as financial institutions and health-care companies.

An IDPS appliance can help a company show which applications and network resources are being accessed by malicious code, which is a key requirement for complying with SOX or HIPAA. With an IDPS in place, a company can show accountability, making it clear that appropriate user-access rights are in place and that an infrastructure enforces those access rights. An IDPS device's logs can be useful, too, when showing the measurability of internal processes.
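The split deployment from the introduction and the two behaviours of reasons 1 and 2 (IDS mode alerts and lets traffic through; IPS mode drops it and blocks the attacker attribute), as an added toy model that is not code from the article or any vendor product. The signature patterns, addresses and payloads are constructed for the demo, and the alert is formatted as a syslog-style line with an assumed priority of local0/warning.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed demo signatures (not from any real IDPS ruleset): name -> byte pattern.
SIGNATURES: Dict[str, bytes] = {
    "worm-probe": b"\x90\x90\x90\x90/bin/sh",
    "sql-injection": b"' OR 1=1--",
}


@dataclass
class Event:
    iface: str      # "internal" or "perimeter"
    src: str        # source IP; the demo uses documentation-range addresses
    dst: str
    payload: bytes


@dataclass
class IDPS:
    # One appliance, two roles: IDS on the internal segment, IPS at the perimeter.
    modes: Dict[str, str] = field(default_factory=lambda: {"internal": "ids", "perimeter": "ips"})
    blocked_sources: Set[str] = field(default_factory=set)
    alerts: List[str] = field(default_factory=list)

    def match(self, payload: bytes) -> Optional[str]:
        return next((name for name, pat in SIGNATURES.items() if pat in payload), None)

    def process(self, ev: Event) -> str:
        """Return 'pass', 'alert' (IDS: traffic continues) or 'drop' (IPS: traffic stopped)."""
        if ev.src in self.blocked_sources:
            return "drop"  # attacker attribute (IP) was blocked after an earlier hit
        sig = self.match(ev.payload)
        if sig is None:
            return "pass"
        action = "alert" if self.modes[ev.iface] == "ids" else "drop"
        # The alert carries only the basic event data; detail belongs in reports.
        # <132> = syslog facility local0 (16*8) + severity warning (4), assumed here.
        self.alerts.append(
            f"<132>idps sig={sig} src={ev.src} dst={ev.dst} iface={ev.iface} action={action}")
        if action == "drop":
            self.blocked_sources.add(ev.src)  # block the attacker, not just this packet
        return action


def run_demo() -> List[str]:
    """Feed constructed events through the appliance and return the action taken for each."""
    box = IDPS()
    events = [
        Event("perimeter", "203.0.113.5", "192.0.2.10", b"GET / " + SIGNATURES["worm-probe"]),
        Event("perimeter", "203.0.113.5", "192.0.2.11", b"GET /index.html"),  # source now blocked
        Event("internal", "10.0.0.7", "10.0.0.20", b"user=admin" + SIGNATURES["sql-injection"]),
        Event("internal", "10.0.0.7", "10.0.0.21", b"user=alice"),  # IDS mode never blocked it
    ]
    return [box.process(e) for e in events]
```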

4. Enforce network security policies.

An IDPS device can be used to protect your enterprise not only from intruders' bad intentions, but also from your users' mistakes - or from a disgruntled employee's attempts at revenge. According to CSO magazine's 2006 E-Crime Watch survey of 434 security executives and law personnel, the threat posed by users is getting worse; of the organizations that experienced security events in the previous year (76 percent of total respondents), 55 percent reported at least one insider event (up from 39 percent in the 2005 survey).

You can configure most IDPS appliances to identify violations of security policies with settings similar to a firewall ruleset. Also, some devices can watch file transfers for ones that might indicate nefarious use, such as a user transferring a database onto a laptop. You don't necessarily need to do this in secret, though. If your users know that their systems are being watched for security-policy violations, they'll be less likely to knowingly commit them. Additionally, you can use an IDPS to help shape and maintain security policies; the insight into network traffic patterns it gives can be invaluable when determining which sites users are allowed to access, for example. An IDPS may also notify an administrator of duplicate firewall rulesets and catch dangerous traffic that was allowed in by the firewall.

5. Limit nonbusiness IM (instant messaging) and video streaming.

Most organizations don't want to ban their users from accessing video streaming and download sites such as YouTube, but having even a few streams running simultaneously can devour bandwidth that's still precious to many companies. And even though IM can be a valuable communications tool in some environments, employees are just as likely to send personal messages as work-related messages. Instead of banning these uses of the Internet, you can use an IDPS device to guarantee a certain level of quality of service for business processes.

With intrusion prevention technology, you can achieve this through rate limiting, for example by capping nonbusiness traffic at 10 percent of the WAN pipe. Suddenly, the IDPS becomes a proactive business policy-setting device - a function unique to IDPS.

More dangerous than eating up bandwidth is the new avenue of attack opened up by IM. Most IM programs will send attachments, which could contain malware such as a worm. Once a worm has secretly downloaded itself, the attacker can use it to control the host computer and gain access to your network. Some IDPS devices can detect and shut down such unauthorized interactive traffic.

6. Better understand network activity.

An IDPS logs information about network traffic, including which threats successfully breached your network security (and how) and those that were foiled (and how). Many organizations first use the device just in IDS mode to get a baseline of network activity. This can serve two purposes. First, the IT staff can better understand the IDPS device's capabilities before it's an active part of the enterprise. Second, it lends insight into the kind of data that's coming in and going out of the network every day, which is useful when creating an accurate set of rules for the device to operate under.

With the knowledge imparted by an IDPS's reports, a network administrator can better protect specific enterprise resources, such as finding those that lack adequate security measures, and better resolve the problems that inevitably crop up. It can also be a very tangible way to educate an organization's executive staff about the very real threats knocking on the door.

7. Save time.

It may take some time up front to fine-tune the intrusion-detection technology so that it sounds an acceptable number of alarms - the false positives along with the legitimately malicious code - but it's nothing compared to the amount of time it would take IT personnel to comb through firewall activity logs every day. And what about the time it saves everyone - IT personnel as well as all the users in your company - when an attack forces the network to be shut down?

8. Learn what applications users have installed on the network.

An IDPS device can help you discover the random applications (the types and versions) users have downloaded that deviate from the approved list of programs. When you know that IM and peer-to-peer software lives on your enterprise, you can better secure those applications as well as create and enforce security policies for them.

9. Build trust with partners.

Intrusion prevention isn't just about reducing the risk your enterprise faces; it's also about making sure that a security breach to your network, such as a worm or virus, doesn't propagate out across your partners' networks. This becomes a particularly crucial business practice when your company works with government agencies and financial groups.

10. Save money.

Like any worthwhile technology, an IDPS device can save your organization money in myriad ways. Immediately, you can reassign an IT staffer to a task more productive than spending hours daily poring over firewall logs to pinpoint dangerous activity on the network. More difficult to quantify is the money saved from the fallout of a security incident; for example, how much revenue would your company's Web store lose if it goes dark? If an attack resulted in stolen personal information, you may lose customers, and finding new ones is a costly endeavor. Each organization has its own worst-case scenario for the bottom line, which an IDPS can help avoid.