Real-Time Adaptive Security
Although most organizations currently employ some form of network intrusion detection or prevention, they are typically using first-generation tools that lack the context needed to react and adapt in real time. Without context, IDS/IPS will remain notorious for an overabundance of false positives that keep administrators tracking down unimportant issues while missing the important ones.
Real-time adaptive intrusion systems integrate with network access controls and user data repositories to trace events to systems and specific users, dynamically monitor traffic patterns to mitigate threats, correlate vulnerability assessment data with alerts to reduce false positives and leave only actionable alerts, and can be used to continuously tune sensors and rules.
Working together, these technologies and processes provide the context that IDS/IPS needs to adapt to new threats in today's ever-changing network and threat environments. Real-time adaptive intrusion systems represent the next generation of IDS/IPS: adaptive, real-time, and able to accurately determine events, drop non-events, and set priorities.
Director, Configuresoft's Center for Policy & Compliance
Dave Shackleford, Director of Configuresoft’s Center for Policy & Compliance, is an instructor and course author for the SANS Institute, where he also serves as a GIAC Technical Director. He is the co-author of Hands-On Information Security from Course Technology, as well as the ‘Managing Incident Response’ chapter in the Course Technology book, Readings and Cases in the Management of Information Security. Previously, Shackleford worked as CTO for the Center for Internet Security, as well as for a security consulting firm in Atlanta. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies. He has consulted with hundreds of organizations in the areas of regulatory compliance, security, and network architecture and engineering. His specialties include incident handling and response, intrusion detection and traffic analysis, and vulnerability assessment and penetration testing.
- 30 Dec 2008
- White Paper