It’s not uncommon to hear friends and colleagues talk about how they’re overworked and underwater, but for security professionals this is a daily and real struggle. Although there are dozens of products out there intended to ease their workload, one in particular is a frequent source of frustration: Intrusion Detection Systems (IDS).
Managing an IDS isn’t easy. It requires a lot of time and effort to keep it running at peak performance. For understaffed security teams, that means IDS rarely gets the care it needs because the manpower just isn’t there. What results is an IDS that generates a ton of noisy, unprioritized false alarms which either stretch teams to the breaking point or wind up just being ignored entirely.
Considering how untenable that situation can become, the high total cost of ownership (TCO) of deploying and managing an IDS in the first place, and the fact that IDS can only detect threats at the perimeter, it’s a wonder that they’re still an entrenched component of most organizations’ security architectures.
Before you feel too bad for IDS, it’s good to know that the technology is getting some long-needed support from a new best friend: Network Traffic Analysis (NTA).
Gartner calls NTA one of the top security technologies for 2017, and recommends that “enterprises looking for a network-based approach to identify advanced attacks that have bypassed perimeter security” - [Oh hi, IDS!] - “should consider NTA as a way to help identify, manage, and triage these events.”
NTA applies a combination of rules, signatures, machine learning, and other advanced techniques to monitor and alert reliably on security events that matter, even as attacks spread east to west inside the network. In other words, NTA’s role is to complement IDS in a way that helps reduce alert noise and to provide visibility into threats everywhere, including the cloud and industrial environments.
And if you add historical PCAPs to an NTA-IDS solution, you can uncover complex, multi-stage attacks that might have been making their way across your network for weeks or even months. It can also give your overworked analysts quick access to the forensic evidence they need to confirm an attack.
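To make the idea of pairing perimeter IDS alerts with retained traffic history concrete, here is an added example that is not ProtectWise code or any product’s logic. It correlates a constructed set of IDS alerts with constructed flow summaries of the kind you would reconstruct from stored PCAPs, and flags alerted hosts that then started talking to several new internal peers (an east-west progression a single IDS alert would never show). The record field names, the internal address ranges, and the thresholds are all assumptions chosen for illustration.

```python
"""
Added example (not ProtectWise code): correlate perimeter IDS alerts with
retained network-flow records (the kind reconstructed from stored PCAPs)
to surface a multi-stage, east-west progression that a single IDS alert
would not show on its own.

All alert and flow records below are constructed sample data; the field
names are assumptions for illustration, not any product's schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed internal address space; adjust to your own environment.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL)


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


# Constructed perimeter IDS alerts: one per suspicious inbound connection.
IDS_ALERTS = [
    {"ts": "2017-03-01 09:00:00", "src": "203.0.113.7", "dst": "10.1.1.20",
     "sig": "EXAMPLE inbound exploit attempt"},
    {"ts": "2017-03-01 11:30:00", "src": "198.51.100.9", "dst": "10.1.1.44",
     "sig": "EXAMPLE scanner user-agent"},
]

# Constructed flow summaries reconstructed from weeks of retained PCAP:
# timestamp, initiating host, responding host, destination port.
FLOWS = [
    {"ts": "2017-03-01 09:02:10", "src": "10.1.1.20", "dst": "10.1.1.21", "dport": 445},
    {"ts": "2017-03-01 09:02:11", "src": "10.1.1.20", "dst": "10.1.1.22", "dport": 445},
    {"ts": "2017-03-01 09:02:12", "src": "10.1.1.20", "dst": "10.1.1.23", "dport": 445},
    {"ts": "2017-03-02 14:00:00", "src": "10.1.1.20", "dst": "10.1.5.9", "dport": 3389},
    {"ts": "2017-03-01 11:31:00", "src": "10.1.1.44", "dst": "10.1.1.45", "dport": 80},
    # Earlier than the alert, so it must not count as post-alert evidence.
    {"ts": "2017-03-01 08:00:00", "src": "10.1.1.20", "dst": "10.1.1.5", "dport": 53},
]


def east_west_chains(alerts, flows, window_days=14, min_new_peers=3):
    """Return one finding per IDS alert whose target host went on to initiate
    connections to at least `min_new_peers` distinct internal hosts within
    `window_days` of the alert. Each finding carries the matching flow
    records, time-ordered, as the forensic evidence an analyst would review.
    """
    flows_by_src = defaultdict(list)
    for f in flows:
        # Only internal-to-internal (east-west) traffic is relevant here.
        if is_internal(f["src"]) and is_internal(f["dst"]):
            flows_by_src[f["src"]].append(f)

    findings = []
    for a in alerts:
        t0 = parse_ts(a["ts"])
        horizon = t0 + timedelta(days=window_days)
        evidence = [f for f in flows_by_src.get(a["dst"], [])
                    if t0 <= parse_ts(f["ts"]) <= horizon]
        peers = {f["dst"] for f in evidence}
        if len(peers) >= min_new_peers:
            findings.append({
                "host": a["dst"],
                "trigger": a["sig"],
                "peers": sorted(peers),
                "evidence": sorted(evidence, key=lambda f: f["ts"]),
            })
    return findings


if __name__ == "__main__":
    for finding in east_west_chains(IDS_ALERTS, FLOWS):
        print(finding["host"], "after", finding["trigger"])
        for f in finding["evidence"]:
            print("   ", f["ts"], f["src"], "->", f["dst"], "port", f["dport"])
```

With the sample data, only the first alert is promoted to a finding: the host it targeted fanned out to four internal peers over the following day, while the second alerted host touched a single peer and stays quiet. The `window_days` and `min_new_peers` thresholds are the tuning knobs; set them too low and the correlation reproduces the noisy IDS problem the post describes, so tune them against your own baseline before relying on the output.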
- Why legacy IDS technology alone won’t do
- What NTA includes and how it helps improve IDS
- Who benefits from this pairing up and how
- How ProtectWise delivers on this emerging need