HOW TO PROTECT AGAINST DATA BREACHES



Data breaches affect nearly 1 in 5 internet users and exposed close to 1 billion e-mail addresses in a single year (Griffiths, 2023). In 2022, a data breach cost businesses an average of $4.35 million, and approximately 236.1 million ransomware attacks occurred globally in the first half of that year (Griffiths, 2023). An intrusion detection and prevention system (IDPS) has the capabilities of an intrusion detection system (IDS) and can also attempt to stop the incidents it detects (RSI Security, 2021). There are four types of IDPS: network-based, wireless, network behavior analysis (NBA), and host-based (RSI Security, 2021).

Network-based intrusion detection systems (NIDS) and network-based intrusion prevention systems (NIPS) detect and protect against malicious network traffic and cyber-attacks (Misenar et al., 2017). A NIDS is a passive device: it monitors a copy of the traffic (typically from a mirror port or a network tap) and does not interfere with it, so its monitoring interface usually needs promiscuous access to see every frame on the segment. A NIPS, by contrast, sits inline and reacts to traffic and traffic patterns, altering the flow of traffic when it detects anomalies or known attacks. When configured properly, a NIPS will often "shoot down" malicious traffic through a variety of methods, such as dropping the offending packets, resetting the connection, or blocking the source (Misenar et al., 2017). The trade-off is that an inline device is also a potential point of failure and can block legitimate traffic on a false positive, which a passive NIDS never does.

An IDPS relies on pattern recognition, and increasingly on machine learning (often marketed as artificial intelligence), to catch attackers. It does this by monitoring for irregular events and comparing observed activity against the known methods used to breach security controls. An IDPS monitors activity and information logs for observed events, sends notifications (for example, e-mails) to security administrators about the observed threats, and generates reports on the observed events (RSI Security, 2021).

An IDPS uses three detection methodologies: signature-based detection, anomaly-based detection, and stateful protocol analysis (RSI Security, 2021). Signature-based detection compares observed events against a list of known attack patterns. It is the simplest method: it is effective against known threats, but because it depends on a static list and evaluates each packet or log entry on its own, it cannot detect new attacks or attacks spread across several events. Anomaly-based detection first learns what normal activity looks like, then flags deviations from that baseline as possible threats. This lets an IDPS catch internal or previously unknown threats, at the cost of more false positives when the baseline drifts or was learned during a period that already contained malicious activity (RSI Security, 2021). Stateful protocol analysis tracks the state of each protocol session and compares observed events with a profile of benign protocol activity for that state, for example flagging a file-transfer command issued before authentication. The profiles are preset and usually supplied by the vendor (RSI Security, 2021).
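To make the three methodologies concrete, here is an added example (not from the original page or the cited sources) that runs each of them over constructed web-server log lines and a constructed command session. The signatures, the protocol profile, the IP addresses, the session commands and the log lines are all hypothetical and built for this demonstration; real IDPS rule languages are far richer than these regexes.

```python
# Toy IDS: the three IDPS detection methods on constructed data (added example;
# signatures, protocol profile and log lines are hypothetical, not a vendor's).
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# --- Signature-based detection: a static list of known-bad patterns ----------
# Hypothetical signatures applied to the decoded URL path.
SIGNATURES = {
    "path-traversal": re.compile(r"(\.\./){2,}|/etc/passwd"),
    "sqli-tautology": re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.IGNORECASE),
}
# Common Log Format: client ident user [time] "METHOD PATH PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_access_line(line):
    """Return (client_ip, method, decoded_path, status) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status = m.groups()
    # Decode %xx escapes first so URL-encoded payloads cannot slip past the regexes.
    return ip, method, unquote(path), int(status)

def signature_alerts(lines):
    """(client_ip, signature_name, path) for every request matching a signature."""
    alerts = []
    for ip, _, path, _ in filter(None, map(parse_access_line, lines)):
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((ip, name, path))
    return alerts

# --- Anomaly-based detection: learn a baseline, then flag deviations ----------
def requests_per_client(lines):
    return Counter(p[0] for p in map(parse_access_line, lines) if p)

def anomaly_alerts(baseline_lines, observed_lines, k=3.0):
    """Flag clients whose request volume exceeds mean + k*stdev of the baseline.
    Returns (client_ip, request_count, threshold)."""
    counts = list(requests_per_client(baseline_lines).values())
    mean = statistics.mean(counts)
    spread = statistics.stdev(counts) if len(counts) > 1 else 0.0
    threshold = mean + k * spread
    return [(ip, n, threshold) for ip, n in requests_per_client(observed_lines).items()
            if n > threshold]

# --- Stateful protocol analysis: per-state profile of benign commands ---------
# Hypothetical FTP-like profile: state -> {legitimate command: next state}.
PROTOCOL_PROFILE = {
    "start": {"USER": "need_pass", "QUIT": "closed"},
    "need_pass": {"PASS": "authed", "QUIT": "closed"},
    "authed": {"LIST": "authed", "RETR": "authed", "QUIT": "closed"},
}

def protocol_violations(commands):
    """Walk a session through the state machine; return (state, command) for
    every command that is not legitimate in the state it was seen in."""
    state, violations = "start", []
    for cmd in commands:
        nxt = PROTOCOL_PROFILE.get(state, {}).get(cmd.split()[0].upper())
        if nxt is None:
            violations.append((state, cmd))  # stay in the current state
        else:
            state = nxt
    return violations

# --- Constructed sample data (not real traffic) ------------------------------
BASELINE_LOG = [  # a quiet period used to learn "normal": 3, 2 and 1 requests
    '10.0.0.5 - - [02/May/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [02/May/2023:10:00:03 +0000] "GET /about.html HTTP/1.1" 200 640',
    '10.0.0.5 - - [02/May/2023:10:00:09 +0000] "GET /img/logo.png HTTP/1.1" 200 2048',
    '10.0.0.7 - - [02/May/2023:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.7 - - [02/May/2023:10:00:04 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.9 - - [02/May/2023:10:00:07 +0000] "GET /index.html HTTP/1.1" 200 512',
]
OBSERVED_LOG = [  # normal browsing, two attack payloads, then a noisy scanner
    '10.0.0.5 - - [02/May/2023:11:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [02/May/2023:11:00:02 +0000] "GET /about.html HTTP/1.1" 200 640',
    '198.51.100.23 - - [02/May/2023:11:00:03 +0000] "GET /../../etc/passwd HTTP/1.1" 400 0',
    '198.51.100.23 - - [02/May/2023:11:00:04 +0000] '
    '"GET /login?user=admin%27%20OR%20%271%27=%271 HTTP/1.1" 200 900',
] + [f'203.0.113.4 - - [02/May/2023:11:00:{10 + i} +0000] "GET /p{i}.html HTTP/1.1" 404 0'
     for i in range(8)]
SESSIONS = {
    "sess-1": ["USER alice", "PASS hunter2", "LIST", "RETR report.pdf", "QUIT"],
    "sess-2": ["RETR /etc/shadow", "USER bob", "PASS x", "QUIT"],  # RETR before login
}

if __name__ == "__main__":
    print(signature_alerts(OBSERVED_LOG), anomaly_alerts(BASELINE_LOG, OBSERVED_LOG),
          {s: protocol_violations(c) for s, c in SESSIONS.items()}, sep="\n")
```

The three detectors catch different things, which is the point of the example. The signature pass flags both of 198.51.100.23's payloads (including the URL-encoded one, because paths are decoded before matching) but says nothing about 203.0.113.4's scan; the anomaly pass flags the scanner's volume (8 requests against a learned threshold of 5) but would miss a single crafted request; the protocol pass flags the RETR issued before login regardless of its content. Two caveats a practitioner should keep in mind: a baseline learned while an attacker was already active, or a k set too low, silently redefines "normal", and a single round of percent-decoding still misses double encoding or other normalization tricks unless the sensor decodes exactly as the protected server does.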

Although an IDPS is a powerful defensive tool for an organization, the following should be considered before implementation:

· The technical specifications and requirements of the IDPS
· The organization's existing technical environment, software, security policies, and procedures
· Both the expected threats and the most dangerous threats to monitor for
· Systems, applications, and other resources of higher value, which should receive higher scrutiny
· External and industry compliance requirements
· The existing logging, detection, and prevention capabilities in the organization
· Performance requirements
· Current scalability, resource constraints, and ease of management


References

Griffiths, C. (2023, April 28). The latest cyber crime statistics (updated April 2023). AAG IT Services. Retrieved May 2, 2023, from https://aag-it.com/the-latest-cyber-crime-statistics/#:~:text=Headline%20Cyber%20Crime%20Statistics,the%20first%20half%20of%202022.

Magnusson, A. (2023, January 5). What is data exfiltration? (And the best way to prevent it). StrongDM. Retrieved May 2, 2023, from https://www.strongdm.com/blog/data-exfiltration

Misenar, S., Feldman, J., & Conrad, E. (2017). Chapter 7 - Domain 7: Security operations. In Eleventh Hour CISSP®: Study guide. Syngress.

RSI Security. (2021, September 21). How to implement an intrusion prevention system. Retrieved May 2, 2023, from https://blog.rsisecurity.com/how-to-implement-an-intrusion-prevention-system/

Strickland, D. (2022, December 29). Top 7 data exfiltration risks [Data theft prevention tips]. CurrentWare. Retrieved May 2, 2023, from https://www.currentware.com/blog/top-data-exfiltration-risks/

