
Intrusion detection and prevention solutions

Overview

Network intrusion is a real, business-impacting event that can damage both operations and the business itself. An intrusion can be motivated in many ways, for example:

  • Personal – An individual’s personal vendetta against a business or brand
  • Political – Hacktivist organisations damaging a brand or business’ operation
  • Financial – Extrusion of information for resale or financial gain

An intrusion attempt is the act of circumventing defences or specifically targeting parts of the security systems, infrastructure devices or hosts. Intrusion attempts come in many forms and will commonly be part of multi-staged probing of the network or resources for information on which to base subsequent attacks. The profile of intrusion events is wide ranging, and the footprint they leave in the logs on network devices can be extremely small. This presents problems on several levels:

  • Management of different devices in the estate is spread across multiple departments
  • Devices may be managed by an external third party
  • Staff may not recognise or understand the relevance and the severity of a log event

‘Zero Day’ is a very common term used in the security market. Intrusion detection systems allow businesses to increase their visibility of the more refined methods that malware, phishing, viruses, network scanning, port scanning, running exploits and brute force attacks can now use.

Intrusion detection systems can now be deployed as separate appliances, bundled into a number of border gateway security products, or integrated at the host operating system and at the VMware hypervisor level.

Market Trends

Traditionally, intrusion detection was carried out at security border gateways or at key points of the network, deployed as separate hardware appliances. Intrusion detection was deployed in businesses that had higher security requirements or a stronger security focus.

Much has changed in recent years: the advent of the cloud, application-aware security products and the introduction of branch-level Unified Threat Management (UTM) devices, to name a few.

The capabilities of traditional appliance-based systems have now been surpassed by the change in attack profiles across the threat market. Broadly speaking, intrusion products fall into three categories:

  • Detection only
  • Detection and prevention
  • Detection, prevention and automated response action/alerting

However, ‘detection only’ systems are now very much redundant unless coupled with a SIEM (Security Information and Event Management) solution to provide the ‘automated response action/alerting’ mechanism.

Security is, and for the foreseeable future will be, a multi-layered approach. Although this product area has been largely left aside by most businesses, the change in the threat markets and some regulatory compliance requirements such as PCI-DSS have provided compelling drivers for the implementation of solutions to both counteract the ‘real threat’ and raise security posture.

Solution Benefits

Intrusion detection can form part of a multi-layer security strategy, capturing events that slip through the gaps created by the operational separation of product management and highlighting events that would not necessarily be identified by any other software or appliances in the estate.

Where appropriate intrusion solutions are implemented for the various requirements that different environments may have, they can provide the following benefits:

  • Increase the quality of monitoring of security events
  • Reduce the ‘time to detect’ by highlighting the presence of malware and virus infections
  • Reduce the total cost of ownership of network and security management by helping with the ‘time to resolution’
  • Give operational support benefits by providing the key intrusion information needed to develop a counteracting security strategy
  • Provide a prevention mechanism that may exceed the skills internal staff would need to manually detect and prevent an intrusion

Why SecureData?

SecureData is the largest independent security service provider within the UK and offers a wide range of technologies and services. We have worked specifically with Intrusion Detection and Prevention technology for many years, from the IPS-based systems of the past to the more modern IDP systems available today, and through extensive and continuous research of this market we are able to offer a variety of technologies to suit your requirements. The technologies that we offer are seen as ‘best of breed’ within the security market and have been selected not only because of the features they offer but also because of the vendors’ commercial offerings, ability to provide global support, and ability to include new features and support future trends. We invest a lot of time not only in choosing the correct technologies to sit within our portfolio but also in Sales and Technical training, so that we are able not only to supply the correct technology to fit your requirements but also to offer Professional Services for Implementation and Training, backed up by either a supported, monitored or managed service. We achieve the highest levels of technical and commercial accreditations for all of those vendors that sit within our product portfolio.