Next-Generation security
IDPS
The primary functions of IDPS solutions can be broken down into four main categories:
Monitoring: IDPS monitors IT systems using either signature-based or anomaly-based intrusion detection, to identify abnormal behavior and known malicious activity that matches a signature.
Alerts: After identifying potential threats, IDPS software will log and send out alert notifications to inform administrators of abnormal activity.
Remediation: IDPS tools provide blocking mechanisms for malicious threats, giving administrators time to take action. In some cases, IT teams may not need to take action after an attack is blocked.
Maintenance: Besides monitoring for abnormal behavior, IDPS tools can also monitor the performance of IT hardware and security components with health checks. This health monitoring ensures a security infrastructure is operating correctly at all times.
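As an added example (not part of the original text), the following Python sketch walks through the monitoring, alert and remediation functions described above: a signature-based check and a volume-based anomaly check run over constructed request records, signature hits are blocked, and anomalies are kept as alert-only because a busy client may be a legitimate crawler. The signatures, the per-client baseline and the sample records are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample request records (source_ip, request_path); not real traffic.
EVENTS = [
    ("10.0.0.5", "/index.html"),
    ("10.0.0.5", "/about"),
    ("10.0.0.9", "/login?user=admin' OR '1'='1"),           # known SQLi pattern
    ("10.0.0.7", "/search?q=<script>alert(1)</script>"),    # known XSS pattern
] + [("10.0.0.12", f"/page{i}") for i in range(40)]        # unusually busy client

# Signature-based monitoring: patterns for known-bad input (illustrative only).
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "xss-script-tag": re.compile(r"<script\b", re.IGNORECASE),
}

def signature_alerts(events):
    """Return (source_ip, signature_name) for every record matching a known pattern."""
    return [(ip, name) for ip, path in events
            for name, rx in SIGNATURES.items() if rx.search(path)]

def anomaly_alerts(events, baseline_per_ip=10, tolerance=3.0):
    """Anomaly-based monitoring: flag sources whose request count exceeds
    tolerance x the assumed per-client baseline (both values are assumptions)."""
    counts = Counter(ip for ip, _ in events)
    return [(ip, "volume-anomaly") for ip, n in counts.items()
            if n > baseline_per_ip * tolerance]

def decide(alerts):
    """Remediation policy: block sources with a signature hit; keep anomalies as
    alert-only, since a busy client may be a legitimate crawler (false positive)."""
    actions = {}
    for ip, reason in alerts:
        if reason in SIGNATURES:
            actions[ip] = "block"          # a signature hit overrides an earlier alert-only
        else:
            actions.setdefault(ip, "alert-only")
    return actions

def run(events=EVENTS):
    """Full pipeline: monitor -> alert list -> remediation decisions."""
    alerts = signature_alerts(events) + anomaly_alerts(events)
    return alerts, decide(alerts)

if __name__ == "__main__":
    alerts, actions = run()
    for ip, reason in alerts:
        print(f"ALERT {ip}: {reason} -> {actions[ip]}")
```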
NGNIPS
Next-Generation Network IPS (NGNIPS) has the following five characteristics, according to Gartner (in 2013):
Standard first-generation IPS capabilities: A next-generation network IPS can do what a traditional network IPS can do.
Application awareness and full-stack visibility: Identify traffic from various applications and enforce network security policies. An NGNIPS must be able to understand traffic up to the application layer.
Context awareness: Use information from sources outside the IPS to aid in blocking decisions.
Content awareness: Able to inspect and classify files, such as executable programs and documents, in inbound and outbound traffic.
Agile engine: Support upgrade paths to benefit from new information feeds.
NGIPS and NGFW are not the same, and having both can be very useful.
Challenges
Some challenges to keep an eye on when it comes to Next-Generation security:
False positives: You will almost certainly run into false-positive alerts, which can waste time and resources. Be vigilant when notified of potentially malicious behaviour, but also be aware that an alert is not a guarantee of an attack.
Staffing: Cybersecurity is so essential to organisations that demand for security professionals outstrips the available supply. Before implementing an IDPS system, ensure you have put together a team with the capabilities to manage it effectively.
Genuine risks: Beyond just managing an IDPS, there will be cases where administrator intervention is required. An IDPS can block many attacks but not all. Ensure teams keep their knowledge up-to-date on new types of attacks, so they’re not blindsided when one is identified.
Ubiquity of data: The omnipresence of data of all kinds has necessitated the spread of organisational roles that manage, organise and safeguard it. Reputations and regulatory compliance are at stake: how much does non-compliance cost, and how much does the dent in reputation cost in the event of a breach?