Intrusion detection in the age of compliance
FISMA, HIPAA and PCI-DSS tell you what to do ... but not how
Computerworld - While intrusion-detection technologies are clearly not a hot new thing anymore, they are still the subject of active industry debate. Since the infamous "IDS Is Dead" piece was published by Gartner Inc. in 2003, the discussion about the relevance of intrusion-detection systems to today's world of commercial malware and Web exploits rages on. Furthermore, the relationship of IDS to newer technologies such as intrusion-prevention systems (IPS) and network-behavior anomaly detection (NBA) systems is also commonly discussed in the security community.
At the same time, everybody who is even slightly involved with security knows that prevention technologies will fail at some point. It's necessary to have an additional layer to detect the consequences of a breach. (Note that detection will also fail at some point, leading us into incident response -- the subject of my previous article.) Similarly, few question the need for comprehensive network monitoring aimed at increasing control over what should be "your" network but is sometimes "owned" by the attackers as well.
No matter what technologies become fashionable, the need for intrusion detection is constant. Whether you choose to implement an IDS is less important than having a process that enables you to know what is going on and to detect intrusions. Thus, enlightened companies will consider even their end users to be, metaphorically speaking, a kind of IDS, since users will sometimes serve as indicators of suspicious behavior. On the opposite end of the spectrum are those less-enlightened companies that chose to go with "CNN is our IDS" and that only learn that their networks were compromised when the news shows up in the media. Don't be those guys.
It's interesting to note that intrusion-detection technologies are actually mandated by a few regulations. Organizations under such mandates should look at deploying such technologies independently of industry debate over the finer mechanical points. In my last two articles on incident management and log management, I described the way in which FISMA, HIPAA, and PCI-DSS affect incident-response procedures and log management processes. It should come as no surprise, then, that these same regulations mandate intrusion-detection capabilities.
To demonstrate the complexity of intrusion detection and prevention and the need for a multifaceted approach to the issue, note the common theme that runs through these regulations: Intrusion detection mechanisms must not only be in place, but must also be kept up to date and monitored for signals and alerts.
Federal Information Security Management Act of 2002 (FISMA)
NIST SP 800-53 lists a variety of security controls (including intrusion-detection controls) that need to be in place to protect a federal information system. "Intrusion-detection controls" simply means that tools and techniques be used to monitor for and detect unauthorized information system activity and/or attacks, without specifying any specific method of doing so.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!