Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) have been touted as the cure-all for security and compliance woes. The most common type of system sits on the network and inspects all inbound packets. An IDS/IPS is designed to inspect incoming packets to see if they are part of a malicious attack and to drop or alert on the packets that are. But like most technologies, IDS/IPS has numerous limitations and pitfalls that vendors of these systems don’t want you to know. When considering how best to protect your organization’s network and an IDS/IPS is in the running, you should consider the following five key limitations.
Each day, IT equipment, servers, firewalls, and other hardware and software systems collect and store information in the form of logs. These logs are vast, and always contain a wealth of data that companies can use to analyze everything from how efficiently they are running their businesses to the state of their IT security.
While this information is critical, there's only one problem: It's often hard to decipher because, quite simply, there's just too darn much of it.
That's where log management tools come into play. Here are three major benefits of these tools:
The threat from cybercriminals is real, and credit unions must be on the constant lookout for potential breaches. These institutions are very vulnerable to cyber attacks because of their smaller size, and don't always have the IT infrastructure and resources to thwart cyber attacks like their larger counterparts, according to a new 2016 Beazley Breach Response Insights report.
"You're being tested every day, whether you realize it or not," said David Luchtel, Vice President of IT Infrastructure and Operations at WSECU, according to Credit Union Times.
We’ve written recently about the importance of moving your IT security to the cloud and the business benefits of doing so, and have busted some myths that surround cloud-based security. The fact of the matter is that vendors such as Amazon Web Services provide “a data center and network architecture built to meet the requirements of the most security-sensitive organizations. An advantage of the AWS cloud is that it allows customers to scale and innovate, while maintaining a secure environment. Customers pay only for the services they use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment,” according to the company’s website.
When it comes to cybersecurity, companies today typically have three options:
- Do nothing or the bare minimum, and hope that cyber attackers don’t find you.
- Keep your current cybersecurity posture as is, without consistent updating or monitoring (and hope cyber attackers don’t find you!).
- Consider EiQ’s hybrid security as a service to identify threats and vulnerabilities, mitigate risk, and achieve compliance.
Let’s look at each of these options.
We’ve recently written a number of posts about the role that passwords and strong authentication methods play in security. Locking down logins and implementing access controls has long been a cornerstone of information security. Most information security professionals understand the factors that make passwords strong. For a quick refresher, check out our recent post on the subject. In short, a strong password is typically very long; includes numbers, mixed case, and special characters; includes no words or discernible patterns; and is definitely not your pet’s name. You should also never reuse the password or use the same password across multiple systems.
In recent years, two-factor authentication has rapidly become a standard best practice for securing accounts. One of the most common ways to implement this is through SMS messages sent to a cell phone. For example, if you enable two-factor authentication for a Google account, when you try to log in with your password from a new computer or other device, Google will send a text to your cell phone with a code you’ll need to enter on the login screen to verify that along with having the correct password, you also have physical access to the associated cell phone for the account. That sounds good. But, recently, flaws in the SMS system have been uncovered that render this method of two-factor authentication inadvisable. In fact, the National Institute of Standards and Technology (NIST) will recommend against its use as a two-factor method.
Mistakes in the cybersecurity world have become a lot more expensive, particularly if you suffer a data breach. A new study done by the Ponemon Institute for IBM concluded that a security breach costs $4 million per incident in 2016, a 29% increase from 2013. Furthermore, stolen records have climbed in cost as well, with the average loss per record now standing at $158. The cost of stolen healthcare records has also risen dramatically, now $355 per record, up $100 from 2013. Additionally, the study revealed that the average time to identify a breach is now 201 days, and the average time to contain a breach is 70 days. Breaches identified in fewer than 100 days cost companies an average of $3.23 million, and breaches found after 100 days cost considerably more, at an average of $4.38 million.
The Verizon 2016 Data Breach Investigations Report details findings pulled from a sampling of more than 100,000 incidents and 2,260 data breaches. The 85-page report is certainly worth a read for anyone interested in information security. For those in a hurry, here are a few of the key points I saw:
With today’s elevated security threat level and related economic impact, it makes sense to do everything you can to secure your organization’s servers, desktops, and devices. How do you keep the bad guys out while securing and enabling day-to-day business? Many companies use SIEM tools for threat detection, compliance, and asset protection. I’d like to suggest a couple of additional layers of security.
An effective security program is a balance of people, process, and technology. When evaluating an IT security monitoring solution, it is important to consider each of these areas in the decision-making process. Your organization also needs to determine which areas should be handled internally and which should be co-managed with a trusted partner. Let’s take a look at each: