Intelligent CISO Issue 06 | Page 66

industry and do not have an identifiable signature. IPS may be combined with IDS to automatically protect your network from identified threats.
The key features of intrusion prevention and detection systems (IDPS):
Comprehensive, automated detection capabilities
The IDPS should be as automated as possible and empower the security team to monitor and investigate alerts, tune detection capabilities and ensure that the system is not only looking for the latest threats but can deal with them.
Abnormal behaviour detection mechanism
This capability uses smart algorithms to monitor network traffic and activity on a constant basis and to store and compare the traffic behaviour for specific days and hours. It studies ‘normal’ patterns and then compares against what may seem to be abnormal traffic activity for a similar or particular day of the week, time of the month, etc. The mechanism should notify security administrators of possible excesses in expected thresholds.
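As an added illustration of the baseline-and-compare mechanism described above (example code written for this page, not from the article or from any vendor's product), the following Python keeps a history of traffic volume per weekday and hour, learns what is ‘normal’ for each bucket and flags an observation that exceeds the learned threshold for that same day and hour. All traffic figures are constructed; the 3-deviation threshold and the 5% floor are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def bucket(ts):
    """Traffic is compared only with history from the same weekday and hour."""
    return (ts.weekday(), ts.hour)

class TrafficBaseline:
    def __init__(self, k=3.0, min_samples=3):
        self.k = k                      # deviations above the bucket mean that count as abnormal
        self.min_samples = min_samples  # refuse to judge a bucket with too little history
        self.history = defaultdict(list)

    def learn(self, ts, volume_mb):
        self.history[bucket(ts)].append(volume_mb)

    def check(self, ts, volume_mb):
        """Return (is_abnormal, threshold_mb); threshold is None when no baseline exists yet."""
        samples = self.history.get(bucket(ts), [])
        if len(samples) < self.min_samples:
            return False, None
        mu, sigma = mean(samples), pstdev(samples)
        # Floor the spread at 5% of the mean so a near-constant baseline does not alert on noise.
        threshold = mu + self.k * max(sigma, 0.05 * mu)
        return volume_mb > threshold, round(threshold, 1)

# Constructed history (not real data): four Mondays of outbound volume in MB at 02:00 and 14:00.
HISTORY = [
    ("2024-01-08", 2, 100), ("2024-01-15", 2, 110), ("2024-01-22", 2, 95), ("2024-01-29", 2, 105),
    ("2024-01-08", 14, 900), ("2024-01-15", 14, 880), ("2024-01-22", 14, 920), ("2024-01-29", 14, 860),
]

def build_baseline():
    b = TrafficBaseline()
    for day, hour, mb in HISTORY:
        b.learn(datetime.fromisoformat(f"{day}T{hour:02d}:00"), mb)
    return b

def evaluate(observations):
    """Check (date, hour, MB) observations against the baseline; return the alerts to notify on."""
    b = build_baseline()
    alerts = []
    for day, hour, mb in observations:
        ts = datetime.fromisoformat(f"{day}T{hour:02d}:00")
        abnormal, threshold = b.check(ts, mb)
        if abnormal:
            alerts.append({"when": ts.isoformat(), "volume_mb": mb, "threshold_mb": threshold})
    return alerts
```

Running `evaluate([("2024-02-05", 14, 850), ("2024-02-05", 2, 850)])` raises exactly one alert: 850 MB is ordinary for a Monday afternoon but far above the learned 02:00 baseline, which is the point of comparing like hour with like hour rather than against a single global average.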
Security Information and Event Management (SIEM)
This module collects, logs and manages warnings and alerts. A SIEM is entirely out-of-band: typically it does not even process a copy of the data traffic directly, but logs metadata and alerts from other tools. It integrates and evaluates threat intelligence against known system weaknesses for better management and prioritisation of security controls.
Staff training
A critical but often overlooked line of defence in protecting the network is the ability of the staff to prevent breaches. The most sophisticated ‘locks’ and ‘measures’ will be virtually powerless if someone ‘leaves the door open’, so to speak.
According to Verizon’s 2018 Data Breach Investigations Report, 4% of recipients will click on any given phishing campaign – which means that if you have 100 employees, four of them will regularly invite cybercriminals directly into your organisation. The Anti-Phishing Working Group reported that there were more than 233,613 reports in Q4 of 2017 alone.
Training staff to be aware of the variety of attacks and their essential role in stopping them, as well as precise instructions on what to do in case of a breach, are critical to complete an enterprise’s network security strategy.
In his Cybersecurity Business Report entitled Please Don’t Send Me to Cybersecurity Training, Steve Morgan lists several companies’ offerings from security awareness training vendors that provide training, simulations and network security related tips.
Your internal or external trainers and vendors should provide general IT training and best security practices, periodic extended training on new issues, system risks and counter-methods, periodic refresher courses (either in-person or online), and a brief test to check staff awareness and comprehension.
Summary
A good defence against network breaches includes pre-emptive action and actual breach prevention. These can be attained technologically with next-generation intrusion detection and prevention systems.
At the same time – and even more critical – your entire organisation needs training in prevention and response methods.
66 Issue 06 | www.intelligentciso.com