American Public University
Intrusion Detection Systems
Steven Engelken
January 28, 2024
ISSC452 – Cybersecurity
Prof. Ahmad Salim
Engelken_Assignment 4
Intrusion Detection Systems (IDSs) are security mechanisms designed to monitor and analyze network or system activity for indications of malicious behavior or breaches of security policies. The primary function of an IDS is real-time detection and response to potential security threats. There are two main categories of IDS: Network-based IDS (NIDS) and Host-based IDS (HIDS). NIDS monitors network activity, analyzing packets across the entire network or specific areas to identify signs of known attacks or unusual behavior. On the other hand, HIDS, operating on individual computer systems, observes activities like file changes, logins, and system calls, comparing them against established benchmarks and recognized attack patterns. HIDS is particularly valuable for identifying attacks targeting a single host, such as malware infections or unauthorized access attempts.
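The two HIDS checks described above (file changes compared against a baseline, and logins compared against a known attack pattern) as a small added illustration; this is example code written for this page, not part of the assignment or of any product it discusses. It assumes a simplified sshd-style log line format and uses constructed sample data.

```python
import hashlib
import os
import re
import tempfile
from collections import Counter

def hash_file(path):
    """SHA-256 digest of a file's contents (the 'benchmark' recorded per file)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(paths):
    """Record the known-good digest of each monitored file."""
    return {p: hash_file(p) for p in paths}

def check_integrity(baseline):
    """Re-hash each monitored file and report anything missing or changed."""
    findings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings.append(("missing", path))
        elif hash_file(path) != expected:
            findings.append(("modified", path))
    return findings
# Simplified sshd-style pattern; assumption: real log formats vary by platform.
FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")
def failed_login_sources(log_lines, threshold=3):
    """Signature-style rule: source IPs with at least `threshold` failed logins."""
    counts = Counter(m.group(1) for m in map(FAILED_LOGIN.search, log_lines) if m)
    return {ip: n for ip, n in counts.items() if n >= threshold}

SAMPLE_LOG = [  # constructed lines, not taken from any real host
    "Jan 28 10:00:01 host sshd[4711]: Failed password for root from 203.0.113.5 port 2222 ssh2",
    "Jan 28 10:00:02 host sshd[4711]: Failed password for invalid user admin from 203.0.113.5 port 2223 ssh2",
    "Jan 28 10:00:03 host sshd[4711]: Failed password for root from 203.0.113.5 port 2224 ssh2",
    "Jan 28 10:00:09 host sshd[4712]: Accepted password for alice from 198.51.100.7 port 51000 ssh2",
    "Jan 28 10:00:15 host sshd[4713]: Failed password for bob from 198.51.100.7 port 51001 ssh2",
]

def demo_file_change():
    """Baseline a constructed config file, tamper with it, and return both check results."""
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "sshd_config")
        with open(cfg, "w") as f:
            f.write("PermitRootLogin no\n")
        baseline = build_baseline([cfg])
        before = check_integrity(baseline)            # clean: no findings
        with open(cfg, "a") as f:
            f.write("PermitRootLogin yes\n")          # simulated unauthorized edit
        return before, [kind for kind, _ in check_integrity(baseline)]
```

Running `demo_file_change()` returns no findings before the edit and a single "modified" finding after it, while `failed_login_sources(SAMPLE_LOG)` flags only the address with three failures.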
AlienVault's cybersecurity solution, Unified Security Management (USM), streamlines compliance management, threat detection, and security monitoring for enterprises. This comprehensive platform consolidates various security capabilities, simplifying control and response to threats. Key components include Security Information and Event Management (SIEM), which analyzes log data from diverse IT sources for event correlation, anomaly detection, and real-time insights (Kushalveer, 2024). Global threat intelligence feeds enhance threat detection, keeping businesses informed about the latest cybersecurity risks. Asset discovery and vulnerability assessment functions help locate network assets and evaluate their vulnerabilities. AlienVault USM's incident response and forensics capabilities enable thorough investigations and remedial measures. Addressing regulatory compliance, the platform provides templates and reports for standards like HIPAA, PCI DSS, and GDPR. Integrated security controls, User and Entity Behavior Analytics (UEBA), and cloud security monitoring further contribute to a robust security posture, ensuring comprehensive protection for enterprises.
The Sourcefire Intrusion Prevention System (IPS) is a network security solution developed by the cybersecurity firm Sourcefire. It analyzes network traffic, identifies malicious behavior, and aims to block the exploitation of security vulnerabilities. It employs signature-based detection, behavioral analysis, and vulnerability detection to address known and potential threats. Administrators can customize security policies, and the system provides automatic threat response. Additionally, Sourcefire IPS integrates with existing security ecosystems, offers real-time monitoring and reporting, and scales to high-performance threat detection without significant impact on network speed. Sourcefire also offers a set of complementary products, such as Advanced Malware Protection, Snort, and Immunet, that together provide overall prevention and detection coverage for possible threats (Sourcefire Next-Generation IPS, 2016).
TippingPoint IPS, created by TippingPoint, a division of Hewlett Packard Enterprise (HPE), functions as an Intrusion Prevention System, defending corporate networks against diverse online threats such as malicious attacks and exploitation of security vulnerabilities (HPE TippingPoint NX Platform Next Generation Intrusion Prevention Systems, 2015). Its proactive approach aims to detect and thwart security threats before they compromise network integrity. The system employs signature-based detection for known threats, with regular updates to address newly discovered attack patterns. Additionally, behavioral analysis improves the ability to identify unknown or zero-day attacks by spotting unusual patterns or actions. TippingPoint IPS focuses on vulnerability detection, covering security flaws in network hardware, operating systems, and applications, thereby preventing the exploitation of known vulnerabilities. The solution allows for customizable policies, granting administrators the flexibility to adjust security rules to the specific needs of the company, including rules and limits for various types of network traffic. Automated threat response features enable actions such as blocking particular traffic types, blocking IP addresses, and generating alerts for further investigation.
My preference leans towards the Sourcefire IPS system. Its strong compatibility with virtual environments stands out, coupled with its user-friendly interface and seamless integration with existing IDS and IPS systems. As virtual environments gain prominence in the corporate sector, this feature distinguishes Sourcefire from other options I've considered. Moreover, Sourcefire is acknowledged as an industry standard in security, a crucial factor in purchasing decisions. Faced with challenges in finding standalone IDS systems, I opted for two IPS systems that also feature IDS capabilities.
References
Kushalveer Singh Bachchas. (2024). Intrusion detection system (IDS) software. https://cybersecurity.att.com/solutions/intrusion-detection-system
HPE TippingPoint NX Platform Next Generation Intrusion Prevention Systems. (2015). Data sheet. zones.com.
Sourcefire Next-Generation IPS. (2016). Sourcefire_Next_Generation_IPS_Datasheet.pdf. cisco.com.