Intruder Alert!
An intrusion has occurred...
...on your network. How long did it take your ICT team to discover it? Where was the weakness? What is the risk to your organisation?
The most important question: were you even aware of it?
Statistic: It takes most businesses about 197 days to detect a breach on their network.
Most businesses will set up endpoint protection, edge protection such as a next-generation firewall or a UTM, and perhaps mail server protection, and then assume that they are completely protected. The truth is that while those solutions, if configured correctly, are crucial to your organisation's protection, many threat actors have identified ways to circumvent them when infiltrating networks. Most malware today is designed with the expectation that an environment will already have a firewall and endpoint protection deployed, so attempted breaches will usually occur on access paths that are generally left open so that the business can continue as usual. This is where an Intrusion Detection System is vital, as it senses and analyses expected network traffic, internal and external, for any malicious content on a network path or host.
An Intrusion Detection System (IDS) acts as the "burglar" alarm system for your infrastructure. It is the eyes and ears, sensing for different, unexpected and malicious behavior across the network. When it discovers something malicious or out of the ordinary, it sets off an alarm, alerting your tactical armed response, a.k.a. your security team, to the threat. This alarm is rung before the threat has a chance to cause any significant damage. IDS has become an integral part of any SIEM solution, which certain frameworks demand before compliance certification is awarded.
An IDS allows your organisation to become proactive, defending against outside and inside threats, not only on your network but also on your hosts. This proactive monitoring will be invaluable to your organisation if you have to comply with the data breach notification scheme that will commence 22 February 2018, because you will be able to identify attack chain patterns as attackers are attempting to break in, and not after the breach has already occurred.
"Oh boy, another solution to acquire, deploy and maintain. When will it all end?" -- Is that what you are asking yourself right now?
Well, unfortunately, it will never really end. If you read our blogs and all the other "scary" news out there, things will get worse before they get better. But here at Secure ISS, we want to help. We can deploy and maintain the solution and be your security guards, providing your business with threat analysis and remediation steps for every risky alarm detected in your environment. Every alarm is forwarded to our Security Operations Centre in real time for analysis. Further to that, we can offer your organisation a managed services solution where you would not have to acquire these tools outright, but rather subscribe to our services on a monthly basis.
So, our IDS weapon of choice is AlienVault. Not only is it a very handy host and network Intrusion Detection System, but it also offers the following:
SIEM: Security Incident and Event Monitoring.
Asset Discovery and Repository: Asset inventory, authenticated and non-authenticated.
Vulnerability Scanning: Continuous scheduled scans.
Behavioral Monitoring: Availability monitoring and NetFlow analysis.
Open Threat Exchange: Global threat intelligence.
We are confident that by leveraging these tools and our technical experience, we can offer you a reliable and affordable solution that will detect any breaches your organisation will inevitably face.