
By Jay Dosanjh, Accedian

What is next-gen intrusion detection?

How to not become the next data breach victim you read about

On average it takes six months before a data breach is detected. Advanced attacks that evade next-gen firewalls, security gateways, and antivirus solutions often go unnoticed while impacting an organization for several months. One can only imagine what occurs once the bad guys gain access to your critical networks, files, and data. Enterprises have invested millions in deploying various security solutions and platforms.

Why does it take so long to detect data breaches?

For one, in today’s world, data resides everywhere: not only in your on-premises data centers but also in remote sites, virtual data centers, containerized environments, and software-defined environments. Not to mention your public, private, hybrid and multi-cloud environments, too.

Let’s define this as the new “Digital Attack Surface”. As you can see, there are many ways for the bad guys to gain access. Having visibility in all these unique areas and being alerted on suspicious traffic patterns and behaviors in real-time is critical in preventing the next cyber data breach. It requires unparalleled monitoring of every user, database, transaction, and packet with ultimate accuracy and precision to catch the bad guys in action. 

Secondly, commonly used signature-based intrusion detection systems (IDS) are reactive and can only respond once the crime has occurred. They rely on pre-defined behaviors and compare all network traffic to the signatures they have already labeled and categorized. These systems cannot proactively protect your network against sophisticated malware or ransomware attacks that are not listed in their existing library.

For example, the Capital One data breach occurred when an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers and individuals. 

The second example is the Target data breach, which occurred when hackers broke into the retailer’s network using login credentials stolen from a heating, ventilation and air conditioning company. 

So, how do I avoid becoming another data breach story in the media?

The ideal scenario for enterprises would be real-time alerts of detected suspicious, malicious and anomalous behaviors so that they can take action before serious negative repercussions result. Alerts and early detection will of course help prevent these types of data breaches. Enterprises can be notified in real-time when a bad guy creates a new tunnel to access data or if a user is abnormally accessing files and uploading them to Dropbox.

This is what you get with next-gen behavior-based intrusion detection, which differs in several ways from signature-based intrusion detection systems.
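To make the difference concrete, here is an added example (not Accedian's code, and not from the original post) that runs a signature check and a behavior check over a constructed day of per-user file-access data. The baseline history, user names and destinations are all assumed sample values; the behavior check flags a user whose access count is far above their own history or who sends data to a never-before-seen external destination, while the signature check, which only knows a catalogued list, sees nothing.

```python
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

# Constructed baseline: each user's daily file-access counts over the past
# week, and the destinations they have previously been seen uploading to.
BASELINE: Dict[str, List[int]] = {
    "alice": [12, 15, 11, 14, 13, 12, 16],
    "bob":   [8, 9, 7, 10, 8, 9, 8],
}
SEEN_DESTINATIONS: Dict[str, Set[str]] = {
    "alice": {"fileserver.internal"},
    "bob":   {"fileserver.internal"},
}

# Constructed "today": (file-access count, upload destination) per user.
# bob's day is the abnormal one: bulk access plus a new external destination.
TODAY: Dict[str, Tuple[int, str]] = {
    "alice": (14, "fileserver.internal"),
    "bob":   (140, "dropbox.com"),
}

# A tiny stand-in for a signature IDS library of known-bad destinations.
# Nothing in TODAY matches it, which is the page's point: a pattern that is
# not already catalogued is invisible to signature matching.
KNOWN_BAD_DESTINATIONS: Set[str] = {"evil-c2.example", "malware-drop.example"}


def signature_alerts(today=TODAY, signatures=KNOWN_BAD_DESTINATIONS) -> List[str]:
    """Users whose destination matches a known-bad signature (reactive check)."""
    return [user for user, (_, dest) in today.items() if dest in signatures]


def behavior_alerts(baseline=BASELINE, seen=SEEN_DESTINATIONS,
                    today=TODAY, sigma=3.0) -> List[Tuple[str, str]]:
    """Users whose activity deviates from their own history, with a reason.

    Volume threshold is mean + sigma * stddev of the user's baseline; the
    stddev is floored at 1.0 so a flat history does not become a hair trigger.
    """
    alerts: List[Tuple[str, str]] = []
    for user, (count, dest) in today.items():
        history = baseline.get(user)
        if not history:
            continue  # no baseline yet: nothing to compare against
        threshold = mean(history) + sigma * max(pstdev(history), 1.0)
        if count > threshold:
            alerts.append((user, f"access volume {count} exceeds baseline {threshold:.1f}"))
        if dest not in seen.get(user, set()):
            alerts.append((user, f"first upload to unseen destination {dest}"))
    return alerts
```

Running both checks on the same day of data shows the gap the page describes: `signature_alerts()` returns nothing, while `behavior_alerts()` reports bob twice.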

By utilizing new security breach methods such as malware, ransomware and phishing schemes, malicious cyber criminals have consistently found methods to penetrate the network security perimeter, and are becoming more sophisticated as they go. To detect and protect against cybercriminals who have managed to get past your perimeter (and endpoint or perimeter protection security solutions), a next-gen behavior-based intrusion detection solution is required. No other solutions can protect against threats and behaviors that occur once a cybercriminal is able to breach the perimeter. To learn more about how next-gen IDS are complementary to perimeter protection and endpoint security solutions, read this guide.

To see how next-generation intrusion detection can benefit your organization, download the Accedian Skylight powered Security app for free on Splunkbase. Skylight powered Security provides the data and visibility needed to detect real-time suspicious, malicious and anomalous behaviors. It provides a single source of truth for critical IT assets in the enterprise core, data center, and hybrid cloud architectures, monitoring every user, database, transaction, and packet with in-depth precision and unrivalled accuracy.