Intrusion Detection and Prevention

It’s no surprise that data breaches are on the rise. Have you asked yourself how you would know if your network has been breached? How quickly would your business be able to react when it is breached?


Realize that it’s just a matter of time. You will be breached. In cybersecurity circles, there are only 2 types of networks we discuss – networks that have been breached, and networks that don’t know they have been breached (and those that will be breached again).

According to recent cybersecurity surveys, the average time to detect a breach is 229 days (that’s about 7 months). How much data would you lose if hackers had access to your network for 7 months?

You need to have insight into the threat actors who are on, or trying to access, your network. Enter Intrusion Detection and Prevention.


Understanding the difference between Intrusion Detection and Intrusion Prevention

According to the National Institute of Standards and Technology (NIST), Intrusion Detection is defined in the following way:

“Intrusion Detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Incidents have many causes, such as malware (e.g., worms, spyware), attackers gaining unauthorized access to systems from the Internet, and authorized users of systems who misuse their privileges or attempt to gain additional privileges for which they are not authorized. Although many incidents are malicious in nature, many others are not; for example, a person might mistype the address of a computer and accidentally attempt to connect to a different system without authorization.”

Intrusion Prevention Systems add the benefit of being active and able to stop suspect traffic from being transmitted. Intrusion prevention devices are usually installed in-line between two network devices and police data as it moves from one point to another, blocking known bad traffic and providing alerts on known and suspect network transactions.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are foundation-level cybersecurity systems that need to be seriously considered by EVERY business – no matter how small. Firewalls are no longer the only edge system needed to protect your “crown jewels”: active, up-to-date threat analysis and action are needed to protect your business from today’s cybersecurity threats.

IDS and IPS systems are a key part of properly implementing the NIST Cybersecurity Framework (Protect and Detect functions).

Realize that there is no “1 size fits all” IDS or IPS solution that is appropriate for every business. At CDS, we provide a holistic, consultative approach to your business’s IDS/IPS needs. We have solutions that cover every aspect of the IDS/IPS spectrum, and we will work with your business to find the RIGHT solution for your specific needs and budget.

Our solutions include:

  • Our “Griffon ™” Platform that provides “Active Cyber Defense Countermeasures (tm)”
  • Open Source and Proprietary IDS/IPS Solutions
  • 24/7 Monitored, Real-Time Attack Detection by certified security engineers
  • Security Operations Center (SOC)
  • Small/Medium Business IDS/IPS solutions (< 100 users)
  • Enterprise Level (up to 10Gbps) IPS solutions

Understanding the threats your business faces and the best solutions to mitigate those risks is what we do at CDS. Contact us today to see how we can assist with your IDS/IPS needs.