Most business' will setup end point protection, edge protection like a next generation firewall or a UTM, perhaps mail server protection and then assume that they are completely protected. The truth is, that while those solutions, if configured correctly, are crucial to your organisation's protection, many threat actors have identified ways to circumvent those solutions, when infiltrating networks. Most malware today is designed with the expectation that an environment will already have a firewall and endpoints deployed, so attempted breaches will usually occur on access paths that would generally be open in order for the business to continue as usual. This is where an Intrusion Detection System is vital, as it senses and analyses expected network traffic internally and externally, for any malicious content, on a network path or host.

An Intrusion Detection System (IDS) acts as the "burgular" alarm system for your infrastructure, it is the eyes and ears sensing for different, unexpected and malicious behavior across the network. When it discovers something malicious or out of the ordinary, it sets off an alarm, alerting your tactical armed response a.k.a your security team of the threat. This alarm is rung before the threat has a chance to cause any significant damage. IDS has become an integral part of any SIEM solution, which certain frameworks demand, before compliance certification is awarded.

An IDS allows your organisation to become proactive, defending against outside and inside threats, not only on your network, but also on your hosts. This proactive monitoring will be invaluable to your organisation, if you have to comply with the data breach notification scheme that will commence 22 February 2018, because you will now be able to proactively identify attack chain patterns as they are attempting to break in, and not after the breach has already occurred.

 "Oh boy, another solution to acquire, deploy and maintain. When will it all end"  -- Is that what you are asking yourself right now?  

Well, unfortunately it will never really end, if you read our blogs and all the other "scary" news out there, things will get worse, before they get better. But here at Secure ISS, we want to help. We can deploy, maintain and be your security guards, providing your business with threat analysis and remediation steps to every risky alarm detected in your environment. Every alarm is forwarded to our Security Operations Centre in real time for analysis. Further to that, we can offer your organisation a managed services solution where you would not have to acquire these tools outright, but rather be subscribed to our services on a monthly basis.

So, our IDS weapon of choice is AlienVault. Not only is it a very handy host and network Intrusion Detection System, but it also offers the following: