Ads by TechWords

See your link here
Receive the latest technology news and information.
Networking
Networking Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Intrusion detection in the age of compliance

FISMA, HIPAA and PCI-DSS tell you what to do ... but not how

September 16, 2007 12:00 PM ET

Computerworld - While intrusion-detection technologies are clearly not a hot new thing anymore, they are still the subject of active industry debate. Since the infamous "IDS Is Dead" piece was published by Gartner Inc. in 2003, the discussion about the relevance of intrusion-detection systems to today's world of commercial malware and Web exploits rages on. Furthermore, the relationship of IDS to newer technologies such as intrusion-prevention systems (IPS) and network-behavior anomaly detection (NBA) systems is also commonly discussed in the security community.

At the same time, everybody who is even slightly involved with security knows that prevention technologies will fail at some point. It's necessary to have an additional layer to detect the consequences of a breach. (Note that detection will also fail at some point, leading us into incident response -- the subject of my previous article.) Similarly, few question the need for comprehensive network monitoring aimed at increasing control over what should be "your" network but is sometimes "owned" by the attackers as well.

No matter what technologies become fashionable, the need for intrusion detection is constant. Whether you choose to implement an IDS is less important than having a process that enables you to know what is going on and to detect intrusions. Thus, enlightened companies will consider even their end users to be, metaphorically speaking, a kind of IDS, since users will sometimes serve as indicators of suspicious behavior. On the opposite end of the spectrum are those less-enlightened companies that chose to go with "CNN is our IDS" and that only learn that their networks were compromised when the news shows up in the media. Don't be those guys.

It's interesting to note that intrusion-detection technologies are actually mandated by a few regulations. Organizations under such mandates should look at deploying such technologies independently of industry debate over the finer mechanical points. In my last two articles on incident management and log management, I described the way in which FISMA, HIPAA, and PCI-DSS affect incident-response procedures and log management processes. It should come as no surprise, then, that these same regulations mandate intrusion-detection capabilities.

To demonstrate the complexity of intrusion detection and prevention and the need for a multifaceted approach to the issue, note the common theme that runs through these regulations: Intrusion detection mechanisms must not only be in place, but must also be kept up to date and monitored for signals and alerts.

Federal Information Security Management Act of 2002 (FISMA)

NIST SP 800-53 lists a variety of security controls (including intrusion-detection controls) that need to be in place to protect a federal information system. "Intrusion-detection controls" simply means that tools and techniques be used to monitor for and detect unauthorized information system activity and/or attacks, without specifying any specific method of doing so.



Jump to comments

anton chuvakin

Additional Resources

WHITE PAPER
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying

White Papers & Webcasts

Tackling the Top Five Network Access Control Challenges
Computerworld and Juniper invite you to download this white paper.  

How to Secure and Accelerate Your Oracle Applications
Learn about the escalating application performance and security challenges facing corporations, today!  

Enterprise Application Delivery: No User Left Behind
Gain the ability to deliver applications to all users, using any device, across any network.  

Accelerate SSL Encrypted Applications
Gain complete visibility into SSL application sessions, making it easy to apply appropriate acceleration and security controls to all SSL traffic.  

The Commercialization of ITIL: Lessons Learned
Register for this event today!