To provide the proactive security needed in today’s dynamic IT environment, a new and more powerful form of intrusion detection has now emerged.
A behavioral approach
This new approach, called behavioral intrusion detection, uses sensors placed at strategic points throughout an organization’s network – such as at the firewall, on internal servers, databases and other locations – to monitor and analyze potential security threats.
The first generation of behavioral intrusion detection systems employed an initial ‘learning mode’ period, during which the data collected by these sensors is evaluated and stored, and used to create a profile of network behavior under typical operating conditions. Once a profile has been established, the system is switched to monitoring mode, and current network activity is compared to the profile to identify and investigate potential security threats.
Behavioral ID represents a notable advance in security protection, but those first-generation systems suffer from a timebased limitation not unlike those associated with library-based scans. Once the learning mode is switched off, these early generation behavioral systems can identify only those threats contained in the established and increasingly obsolete profile.
Nor can those set-profile systems adjust quickly enough to effectively monitor the changing behavior of robust enterprise networks – networks that change constantly as organizations launch new business initiatives, consumer demand fluctuates and security threats emerge and mutate.
To meet the dynamic needs of today’s networks, a new generation of technology has now added a sophisticated adaptive capability to the science of behavioral intrusion detection.
These adaptive solutions collect data from host and network ID devices on an ongoing basis, and then constantly analyze and correlate that information to create a continually evolving – and thus always current – behavioral profile of the network. This predictive and adaptive approach essentially creates a custom security system for every organization, and provides optimum protection in an environment where both network traffic and security threats are constantly changing.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.