Intelligent CISO Issue 06 | Page 65

New-gen intrusion detection and prevention

Prevention is better than a cure when it comes to network security, says Yoram Ehrlich, VP of Products, Niagara Networks. He offers some best practice guidance for organisations and enterprises looking to improve their own procedures.

An ounce of prevention

Benjamin Franklin’s famous saying, ‘an ounce of prevention is worth a pound of cure’, is as good as it gets when considering network security. When facing intelligent, determined enemies, one must proactively address two key lynchpins well in advance – the technological and human factors. Technologically, network architects can take a next-gen approach by pairing intrusion prevention and detection systems. However, a purely technological approach is insufficient. Your staff are the often under-appreciated front line in the battle for network security.

Protect and detect

Intrusion prevention systems (IPS) and intrusion detection systems (IDS) can be deployed alone but are generally combined. An IPS examines network traffic to identify threats and prevent access. The IDS is a network monitoring tool used to surveil network traffic in case a malware penetration has occurred. If malicious activity is detected, an automated warning is sent to the system administrator to block the source of the traffic to secure the network.

There are a variety of IDSs, including:
• Network Intrusion Detection Systems (NIDS)
• Host Intrusion Detection Systems (HIDS)
• Signature-based IDS

Detection methods

To detect and identify malicious data packets, two types of detection methods are generally used. The first type of detection method is signature-based detection. Malware has a signature or recognisable pattern that IDSs use to identify malicious data packets based on a database of signatures. The other type of detection method is based on traffic heuristics or statistical anomaly detection, which measures parameters of behaviours established by tracking legitimate traffic over a period of time. If the parameters are violated, the IPS will take steps to protect the network. Traffic heuristics are useful in detecting threats that are yet unknown in the

‘Your employees must be educated to circumvent problems and how to respond when an issue arises.’
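The two detection methods described above, signature matching against a database of known patterns and a statistical baseline learnt from legitimate traffic, combined into one inspection routine as an added illustration (example code written for this page, not Niagara Networks' product or any real IDS engine; the signature patterns, request rates and sample packets are all constructed):

```python
import re
import statistics

# Constructed signature database (illustrative patterns, not real vendor
# signatures): signature name -> regex applied to the raw packet payload.
SIGNATURES = {
    "suspicious-user-agent": re.compile(rb"User-Agent: evil-scanner"),
    "shell-metachar-in-uri": re.compile(rb"^GET /[^ ]*[;|`]"),
}

def signature_hits(payload: bytes) -> list[str]:
    """Signature-based detection: names of every signature matching the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]

class RateBaseline:
    """Statistical anomaly detection: learn a per-source request rate (requests
    per second) from legitimate traffic, then flag rates above mean + k*stdev."""
    def __init__(self, k: float = 3.0):
        self.k = k
        self.mean = self.stdev = None

    def learn(self, legit_rates: list[float]) -> None:
        self.mean = statistics.fmean(legit_rates)
        self.stdev = statistics.pstdev(legit_rates)

    def threshold(self) -> float:
        if self.mean is None:
            raise RuntimeError("baseline not learnt yet")
        # A floor on stdev keeps a perfectly steady baseline from alerting on noise.
        return self.mean + self.k * max(self.stdev, 0.5)

    def is_anomalous(self, rate: float) -> bool:
        return rate > self.threshold()

def inspect(src: str, rate: float, payload: bytes, baseline: RateBaseline) -> dict:
    """Combine both methods: 'alerts' is what an IDS would report to the
    administrator, 'block' is the action an inline IPS would take on the source."""
    alerts = [f"signature:{n}" for n in signature_hits(payload)]
    if baseline.is_anomalous(rate):
        alerts.append(f"anomaly:rate {rate:.1f}/s > {baseline.threshold():.1f}/s")
    return {"src": src, "alerts": alerts, "block": bool(alerts)}

if __name__ == "__main__":
    base = RateBaseline()
    base.learn([10, 12, 11, 9, 13, 10, 11, 12])  # constructed legitimate rates
    for src, rate, payload in [  # constructed sample traffic
        ("10.0.0.5", 11, b"GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n"),
        ("10.0.0.9", 12, b"GET /index.html HTTP/1.1\r\nUser-Agent: evil-scanner\r\n"),
        ("10.0.0.7", 40, b"GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n"),
    ]:
        print(inspect(src, rate, payload, base))
```

The third sample source carries a benign payload, so only the learnt rate baseline catches it; that is the unknown-threat case the signature database cannot cover.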