Stop Unauthorized Access with Business Network Intrusion Detection and Prevention

By: Clay Ostlund
July 15, 2014

 Each day there are millions of credit card transactions, client contracts and other sensitive data being transmitted across business networks in the US and around the globe. It is the responsibility of your IT infrastructure to help keep all data secure – is yours doing the job?

 People take care to protect their credit card information, Social Security numbers and all other personal and identification data; do you do the same for your company? Does your company have the security measures in place to ensure only authorized individuals access your network? With the massive flow of data streaming across your IT infrastructure each day, the time to consider business network intrusion detection is now. Security solutions in IT need to focus on 3 stages of an attack:

1.    Before
2.    During
3.    After

Traditional security items, like anti-virus, anti-malware, firewalls and more, focus on the “BEFORE”. Business Intrusion Detection and Prevention Systems (IDS/IPS) offer some protection before an attack occurs, but also during.

What is Business Network Intrusion Detection?

A network Intrusion Detection and Prevention System, or IDS/IPS, is a system designed to monitor your business network. IDS/IPS can be a hardware device connected to your network, or it can be a software application installed on the network, or both. Regardless of the format, the goal of the system is the same: monitor and record normal network behaviors so that automated and dynamic security policies can be applied to suspect activity.

How Business Network Intrusion Detection Works

An IDS/IPS is designed to search your business network for malicious activity and policy violations, and then create reports on the flow of traffic within the network. The IDS/IPS will monitor the inbound and outbound traffic by analyzing its pattern on the network. When the system finds suspicious traffic patterns, it will take a deeper look to determine the validity of the threat. It can also be programmed to automatically apply security measures against the suspect traffic.

The system achieves this analysis in two ways. First, it can conduct what is called a profile-based analysis. The IDS/IPS will collect the pattern of inbound and outbound traffic in a normal scenario to create a profile. The system then uses that profile as a starting point to compare future traffic and look for anomalies in the pattern.

Secondly, the system uses signature-based analysis. In this process the system will compare live traffic patterns on your business network against a database of known intrusion signatures. These signatures can, in many cases, be thought of as patterns of intrusion that have been detected in the past. Using these known signatures, the system can then analyze live traffic on the network for possible intrusion.
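
The two analysis methods described above can be shown side by side. The following is an added example, not code from the original article or from any IDS/IPS product: the traffic records, host addresses, signature names and the 3-standard-deviation threshold are all constructed assumptions. It shows that each method catches something the other misses.

```python
import re
import statistics

# Constructed baseline: (host, bytes sent per minute) observed during normal operation.
BASELINE = [("10.0.0.5", b) for b in (1200, 1350, 1100, 1280, 1320, 1190, 1250, 1300)]
BASELINE += [("10.0.0.9", b) for b in (900, 950, 880, 920, 940, 910)]

# Constructed live traffic: (host, bytes sent, request line).
LIVE = [
    ("10.0.0.5", 1270, "GET /index.html HTTP/1.1"),
    ("10.0.0.5", 98000, "POST /upload HTTP/1.1"),
    ("10.0.0.9", 900, "GET /login?user=admin' OR '1'='1 HTTP/1.1"),
    ("10.0.0.9", 950, "GET /../../etc/passwd HTTP/1.1"),
]

# Illustrative signatures written for this example, not from any vendor rule set.
SIGNATURES = {
    "sql-injection-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

def build_profile(samples):
    """Profile-based step 1: learn mean and standard deviation of volume per host."""
    per_host = {}
    for host, nbytes in samples:
        per_host.setdefault(host, []).append(nbytes)
    return {h: (statistics.mean(v), statistics.stdev(v)) for h, v in per_host.items()}

def profile_alerts(profile, records, threshold=3.0):
    """Profile-based step 2: flag records far from the learned baseline."""
    alerts = []
    for host, nbytes, _ in records:
        if host not in profile:  # a host never seen in the baseline cannot be judged
            alerts.append((host, nbytes, "no-baseline"))
            continue
        mean, sd = profile[host]
        if sd > 0 and abs(nbytes - mean) / sd > threshold:
            alerts.append((host, nbytes, "volume-anomaly"))
    return alerts

def signature_alerts(records):
    """Signature-based: match each request against known intrusion patterns."""
    return [(host, name) for host, _, line in records
            for name, rx in SIGNATURES.items() if rx.search(line)]

if __name__ == "__main__":
    print(profile_alerts(build_profile(BASELINE), LIVE))
    print(signature_alerts(LIVE))
```

The unusually large upload matches no signature and is caught only by the profile, while the two malicious-looking requests fall within normal volume and are caught only by the signatures.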

Hardware vs. Software IDS/IPS

Your company has many options when it comes to deploying IDS/IPS on its business network.

Hardware IDS/IPS

Hardware IDS/IPS plugs directly into your business network on-site to monitor activity. Generally speaking, hardware systems are less expensive than software application systems. The hardware will monitor all the traffic on your network and inform your IT department if it detects abnormal activity. Compared to software IDS/IPS, hardware systems are more difficult for intruders to detect.

Hardware IDS/IPS does come with a downside though. It cannot analyze encrypted traffic on your business network, and it will struggle to detect intrusions and abnormalities during periods of high traffic. When traffic levels on your network begin to exceed the capacity of the IDS/IPS hardware, it will simply begin to ignore packets. If this happens, a hacker, for example, can strike your network without you knowing until the damage is done. Additionally, hardware IDS/IPS does not provide specific information on the success or failure of an attack. Your IT department will simply be alerted to suspicious activity.

Software IDS/IPS

Software IDS/IPS, on the other hand, is designed to protect specific programs and systems on your network. It does not have the capacity limitations of a hardware IDS/IPS either, so your network can achieve greater security with fewer gaps. These systems are generally more accurate because both network traffic and server log files are analyzed by the program.

However, software IDS/IPS does have a downside of its own. For starters, it can be more costly to implement than hardware systems. The majority of the expense comes from the need to purchase a software license for each host on the network that is being monitored. A related downside comes from the scope of protection. If you choose not to deploy software IDS/IPS for all hosts on your network, then those which do not have the software are vulnerable to intrusion. Last but not least, software IDS/IPS requires resources, such as CPU, memory, disk space and bandwidth. Without proper resources, deploying software IDS/IPS can have a negative impact on network performance.

The best way to protect your network from intrusion is by implementing a multi-layered business network Intrusion Detection System. With a combination of hardware and software IDS/IPS strategically located on your network, your business will be better prepared to block unauthorized access. Request an appointment with a specialist to begin discovering your network protection options.
