Intelligent CISO Issue 06 | Page 66

industry and do not have an identifiable signature. IPS may be combined with IDS to automatically protect your network from identified threats.
The key features of intrusion prevention and detection systems (IDPS):
Comprehensive, automated detection capabilities
The IDPS should be as automated as possible and empower the security team to monitor and investigate alerts, tune detection capabilities and ensure that the system is not only looking for the latest threats but can deal with them.
Abnormal behaviour detection mechanism
This capability uses smart algorithms to monitor network traffic and activity on a constant basis and to store and compare the traffic behaviour for specific days and hours. It studies ‘normal’ patterns and then compares against what may seem to be abnormal traffic activity for a similar or particular day of the week, time of the month, etc. The mechanism should notify security administrators of possible excesses in expected thresholds.
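To make the baseline-and-threshold idea concrete, the following is an added example (not code from the article or from any vendor it mentions): it learns the expected traffic volume for each weekday-and-hour slot from constructed history, then flags an observation that exceeds the learned threshold and refuses to judge a slot with too little history. The volume unit, the `MIN_SAMPLES` floor, the `k` multiplier and the 5 % minimum spread are all assumptions chosen for illustration.

```python
"""Behavioural baseline keyed by (weekday, hour), as an illustration of the
'abnormal behaviour detection' mechanism described in the text.
All sample data below is constructed; the thresholds are illustrative assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumption: a slot needs at least this many historical samples to be trusted.
MIN_SAMPLES = 3


def build_baseline(observations):
    """observations: iterable of (datetime, volume).
    Returns {(weekday, hour): (mean, population stdev, sample count)}."""
    buckets = defaultdict(list)
    for ts, volume in observations:
        buckets[(ts.weekday(), ts.hour)].append(volume)
    return {slot: (mean(v), pstdev(v), len(v)) for slot, v in buckets.items()}


def check(baseline, ts, volume, k=3.0, min_samples=MIN_SAMPLES):
    """Compare one observation against its learned slot.
    Returns (verdict, detail); verdict is 'normal', 'excess' or 'unknown'."""
    slot = (ts.weekday(), ts.hour)
    if slot not in baseline or baseline[slot][2] < min_samples:
        # Too little history: report that rather than guess, so the analyst
        # knows the slot is untrained instead of silently treating it as normal.
        return "unknown", f"insufficient history for weekday={slot[0]} hour={slot[1]}"
    mu, sigma, n = baseline[slot]
    # Guard against a near-zero stdev (very regular history) by enforcing a
    # minimum spread of 5% of the mean; otherwise tiny wobbles would alert.
    threshold = mu + k * max(sigma, 0.05 * mu)
    if volume > threshold:
        return "excess", f"{volume} > threshold {threshold:.0f} (mean {mu:.0f}, n={n})"
    return "normal", f"{volume} <= threshold {threshold:.0f} (mean {mu:.0f}, n={n})"


# Constructed history: four Mondays in January 2024, two slots each (09:00 and 03:00).
HISTORY = [
    (datetime(2024, 1, 1, 9), 1000), (datetime(2024, 1, 1, 3), 50),
    (datetime(2024, 1, 8, 9), 1100), (datetime(2024, 1, 8, 3), 55),
    (datetime(2024, 1, 15, 9), 1050), (datetime(2024, 1, 15, 3), 60),
    (datetime(2024, 1, 22, 9), 1080), (datetime(2024, 1, 22, 3), 52),
]
BASELINE = build_baseline(HISTORY)

# Constructed probes: a routine Monday morning, a Monday night spike, an untrained Tuesday slot.
PROBES = {
    "monday_0900_routine": (datetime(2024, 1, 29, 9), 1050),
    "monday_0300_spike": (datetime(2024, 1, 29, 3), 900),
    "tuesday_0900_untrained": (datetime(2024, 1, 30, 9), 1050),
}


def run_checks(baseline=BASELINE, probes=PROBES):
    """Evaluate every probe; returns {label: verdict}."""
    return {label: check(baseline, ts, vol)[0] for label, (ts, vol) in probes.items()}


if __name__ == "__main__":
    for label, (ts, vol) in PROBES.items():
        verdict, detail = check(BASELINE, ts, vol)
        print(f"{label:24s} {verdict:8s} {detail}")
```

Keying the baseline on the slot rather than on a single global average is what lets a 03:00 spike stand out even though the same volume would be unremarkable at 09:00; the ‘unknown’ verdict is there so that a slot the system has never seen is surfaced as a coverage gap, not quietly passed.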
Security Information and Event Management (SIEM)
This module collects, logs and manages warnings and alerts. A SIEM is entirely out-of-band, typically not even processing a copy of the data traffic directly but logging metadata and alerts from other tools. It integrates and evaluates threat intelligence against known system weaknesses for better management and prioritisation of security controls.
Staff training
A critical but often overlooked line of defence in protecting the network is the ability of the staff to prevent breaches. The most sophisticated ‘locks’ and ‘measures’ will be virtually powerless if someone ‘leaves the door open’, so to speak.
According to Verizon’s 2018 Data Breach Investigations Report, 4% of recipients will click on any given phishing campaign – which means that if you have 100 employees, four of them will regularly invite cybercriminals directly into your organisation. The Anti-Phishing Working Group reported that there were more than 233,613 reports in Q4 of 2017 alone.
Training staff to be aware of the variety of attacks and their essential role in stopping them, as well as precise instructions on what to do in case of a breach, are critical to complete an enterprise’s network security strategy.
In his Cybersecurity Business Report entitled Please Don’t Send Me to Cybersecurity Training, Steve Morgan lists several companies’ offerings from security awareness training vendors that provide training, simulations and network security related tips.
Your internal or external trainers and vendors should provide general IT training, best security practices and periodic extended training on new issues, system risks and counter-methods, periodic refresher courses, either in-person or online, and a brief test to check staff awareness and comprehension.
Summary
A good defence against network breaches includes pre-emptive action and actual breach prevention. These can be attained technologically with next-generation intrusion detection and prevention systems.
At the same time – and even more critical – your entire organisation needs training in prevention and response methods.
66 Issue 06 | www.intelligentciso.com