Cybersecurity

The CFO’s Guide to Intrusion Detection

Intruder Alert: Understanding Intrusion Detection
Frank OhlhorstBy Updated:4 Mins Read
intrusion detection cybersecurity

Today’s CFOs are becoming more involved in risk management, or more specifically, cyber risk management. After all, cybersecurity is now a concern for the entire C suite. CFOs should not be left behind when it comes to calculating risk and intrusion detection, especially with digital assets.

Intrusion Detection: More than just detecting intruders

Intruders have been a business threat long before the internet boom. Physical intruders proved simpler to prevent using gates, locks, security cameras, guards, and so forth. However, once the first modem was plugged into a phone line, the digital intruder became a reality and its repercussions had to be mitigated.

Fast forward to the 21st century, where internet, cloud, and remote-access connections have become a standard necessity for nearly every business, and the term “intruder” takes on new meaning. Intruders can be based anywhere in the world and aren’t not necessarily human beings. Bots or other artificial intelligence entities can be designed with the same goal, breaking into a company’s digital resources.

However, the concept of an Intrusion Detection System (IDS) has evolved beyond a simple alarm system. IDS is often paired with an Intrusion Prevention System (IPS), creating a new acronym of IDS/IPS, a multifaceted technology that not only detects intruders but also attempts to manage them.

IDS and IPS differ somewhat; an IDS analyzes network traffic for signatures of known cyberattacks, and creates an alarm, while IPS goes beyond packet analysis – identifying and preventing packets before delivery.

IDS/IPS prove critical for cybersecurity and offer specific capabilities which can help reduce risk. Those capabilities include:

  • Automation: IDS/IPS systems are largely hands-off, a great business appeal. With limited resource requirements, IPS provides assurance that the network is protected from known threats.
  • Compliance: Part of compliance often requires documented proof that you’ve invested in data protection systems. Implementing an IDS/IPS solution meets a compliance requirement and addresses a number of the CIS Security controls. More importantly, data auditing is a valuable part of compliance investigations.
  • Policy enforcement: IDS/IPS are configurable to help enforce internal security policies at the network level. For example, if you only support one VPN, you can use the IPS to block other VPN traffic. IPS policies can be built using numerous criteria, such as user location, specific times and dates, as well as most any other information associated with a device or a user account.
  • Identification: IDS/IPS systems provide insights into network paths and connections, giving better network infrastructure visbility. This can also point to any unknown networks and overlooked devices.

For the most part, IDS/IPS systems are believed as an enhancement to current IT security systems. This begs the question, does an organization need to invest in IDS/IPS solutions, or are existing security suites sufficient?

The decision to implement IDS/IPS solutions requires due diligence. CFOs must be willing to ask hard questions and expect answers that will strengthen IT security, without exploding the IT budget. Knowing what to look for and the best questions to ask can unify IT mission and business expectations. CFOs need to work in concert with IT managers to evaluate and define security needs. Questions that should be asked include:

  • Does IT need to enhance network visibility, control, or both?
  • How many systems (or devices) will need to be monitored?
  • Does the IT Staff have the experience to effectively manage an IDS/IPS solution?
  • Can the IT staff effectively respond to threats?
  • Will advanced training be needed to get the most out of the IDS/IPS solution?
  • What resources will be needed to deploy the solution?
  • Is the IDS/IPS system compatible with existing networking and security solutions?
  • What is the impact on the end user (will it improve productivity)?
  • What are the budget requirements for purchasing, deploying, and supporting IDS/IPS?

The answers to these questions will indicate what IDS/IPS solution best fits the needs of the business. Today’s CFOs need to become more involved with IT decisions, especially those that can impact business viability, and implementing IDS/IPS can kickstart possibilities for future IT collaboration.

Share.

Frank Ohlhorst is Editor-in-Chief and Analyst for Acceleration Economy focusing on IT Strategy and Security. He is an information technology industry analyst and award-winning technology journalist, with extensive experience as a business consultant, editor, author, and blogger. Frank contributes to several leading technology publications and has contributed to eWeek, Enterprise Security Planet, Enterprise Networking Planet, CIO.COM, Desktop Engineering Magazine, SDTimes, IDG, Techrepublic, Peerlyst and numerous other publications. Frank also moderates roundtables at industry events, presents at industry events and helps organize industry events.

Related Posts

Add A Comment

Comments are closed.