An Intrusion Detection System (IDS) is a detective device designed to detect malicious (including policy-violating) activity. An Intrusion Prevention System (IPS) is primarily a preventive device, designed not only to detect but also to block malicious activity.
Depending on their physical location in the infrastructure and the scope of protection required, IDSs and IPSs fall into two basic types: network-based and host-based. Both serve the same function, and which type is deployed depends on strategic considerations.
WHY ARE IDS AND IPS SYSTEMS NECESSARY?
IDS and IPS devices employ technology that analyses traffic flows to the protected resource in order to detect and prevent exploit attempts and other attacks against vulnerabilities.
These exploits manifest themselves as ill-intended interactions with a targeted application or service. The goal is to interrupt and gain control of an application or a machine, enabling the attacker either to disable the target, causing a denial of service, or to gain the rights and permissions available through the target.
Continue reading “The Purpose of Intrusion Detection & Prevention Systems”
Antivirus or anti-virus software (AV), sometimes also referred to as anti-malware software, is developed to detect, remove and prevent the proliferation of malicious code.
The consequences of a malware infection in a corporate environment vary widely: from loss of valuable information, theft of confidential information, and the sending of unsolicited email and spam, to unauthorized remote access to computers and malicious attacks on servers.
The most commonly used product for endpoint security is antivirus software. Many of today’s integrated endpoint security offerings have evolved over time from the initial development of antivirus software. Anti-virus products are often ridiculed for their continued inability to stop the spread of malicious software.
Unfortunately, there is no perfect remedy or elixir to stop malware, so antivirus products will still be necessary, though insufficient on their own. Antivirus software is one layer (of many) in defense-in-depth endpoint protection.
Continue reading “What is a Corporate Anti-Virus System Good for?”
Information security has many faces and comes with a lot of bells and whistles. We have the SIEMs, the IDSs and IPSs and, of course, the DLPs.
As some of you may know, DLP (Data Loss Prevention) is an information traffic control mechanism within an enterprise's information system. The main objective of DLP systems is to prevent the transmission of confidential information outside of the information system. Such transfers, often called leaks, can be both intentional and unintentional.
Practice shows that most of the known leaks (about 3/4) occur not through malicious intent, but because of errors, carelessness or negligence by workers. The remaining leaks are associated with malicious actors and users of the information systems. It is understandable that insiders usually try to circumvent DLP systems. The outcome of this effort depends on many factors, and success cannot be guaranteed, but the risks can be greatly minimized. DLP is necessary because organizations hold a lot of data whose unauthorized diversion could cause significant damage.
Continue reading “Can DLP Solve Leakage Problems?”
Even when all else fails, there is still hope! Business continuity and disaster recovery planning is the last resort that protects your business.
Business continuity planning (BCP) and disaster recovery planning (DRP) are an organization’s LAST CORRECTIVE CONTROL when all other controls have failed! BCP/DRP may prevent, or provide a remedy for, force majeure circumstances such as injury, loss of life, or the failure of an entire organization.
Furthermore, BCP/DRP provides the advantage of viewing the organization’s critical processes and assets in a different, often clarifying light. Risk analysis conducted during the BCP/DRP planning stage often leads to immediate mitigating actions.
A potentially crippling disaster may end up having no impact at all thanks to prudent risk management steps taken as a result of thorough BCP/DRP planning.
Continue reading “Business Continuity & Disaster Recovery 101”
Have you ever experienced a server being overloaded by incoming traffic, or, as we’d call it, a denial of service? It’s one of the most common cyber attacks, and it aims to shut down one’s online systems.
DDoS (Distributed Denial of Service) is an attack on a computer system that aims to bring the system to failure, i.e., to create conditions under which legitimate users cannot access the victimized resource. In addition to its direct purpose of making the resource unavailable and causing the targeted system to fail, it can be used as a step towards taking over the system (under stress the system may expose critical information, for example the version of the code) or to mask other subsequent attacks.
TYPES OF DDOS ATTACKS
DDoS attacks can be divided into two basic types: attacks on the channel and attacks on the process. In the first, the channel is simply hammered with an overwhelming mass of specially crafted requests; the second exploits software and network protocol vulnerabilities, degrading the performance of the hardware and thus blocking customers’ access to information system resources.
Continue reading “Fight Back with DDoS Mitigation”