Role of intrusion detection, prevention systems in IDG framework
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
February 14, 2022
Whilst it’s good to have an information and data governance framework within an organisation, it is important to pay close attention to the components that make the framework technically secure. One of those key components is the role of the intrusion detection system and the intrusion prevention system.
An organisation has customers streaming through its online portal at about a thousand visitors per hour. These customers not only come to look at items that they would be interested in buying but also “favourite” items that they would come back to look at in the future. The organisation, however, fails to check for intrusions or to create plans to prevent these intrusions when they do occur. As such, when malware hits its network systems, it not only stifles daily operations but also affects revenue in that period.
To tease out how an intrusion detection system and an intrusion prevention system would have helped in the above example, it’s important to foreground the article with clear definitions of terms. The intrusion detection system (IDS) helps to monitor a network (network-based IDS) or a single host (host-based IDS) with the aim of recognising and detecting intrusive activity. In the example above, with a network-based IDS the company would have had the monitoring capability for detecting attacks from outside and, more importantly, would have had the power to identify irregular behaviour within its network.
There are various types of IDS but, at the minimum, three stand out. They are signature-based, statistical-based and neural-based. At a high level, these IDS respectively look for specific predefined patterns to detect intrusion, flag abnormal activity, and come with the functionality of self-learning certain behavioural patterns within the network.
For the successful implementation of an IDS, there must be tuning, which is the most important element there is. Tuning is simply the process of adjusting the criteria that determine what level of behaviour in a network counts as abnormal. To determine whether the IDS is properly tuned, simulate various attack scenarios and review the performance of the IDS.
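To make the tuning step concrete, here is an added example (not part of the original article) of a minimal statistical-based detector replayed against labelled traffic at several thresholds. The traffic figures are constructed, and the mean-plus-k-standard-deviations rule and all function names are assumptions chosen for illustration.

```python
import statistics

# Constructed sample of normal traffic: requests per minute at the portal
# (about a thousand visitors per hour is roughly 17 per minute).
BASELINE = [16, 18, 17, 15, 19, 17, 16, 18, 20, 14, 17, 16, 18, 17, 15, 19]

# Constructed replay: (requests_per_minute, is_attack). It contains one
# benign busy minute (25) and a simulated attack that ramps up from 24.
REPLAY = [(17, False), (19, False), (15, False), (25, False), (16, False),
          (24, True), (31, True), (95, True), (140, True), (18, False),
          (21, False), (14, False)]

def fit_baseline(samples):
    """Return (mean, standard deviation) of traffic assumed to be normal."""
    return statistics.mean(samples), statistics.stdev(samples)

def is_abnormal(value, mean, stdev, k):
    """Alert when the value is more than k standard deviations above the mean."""
    return value > mean + k * stdev

def evaluate(replay, mean, stdev, k):
    """Replay labelled traffic and score the detector at threshold k."""
    detected = missed = false_alarms = 0
    for value, attack in replay:
        alert = is_abnormal(value, mean, stdev, k)
        detected += alert and attack
        missed += attack and not alert
        false_alarms += alert and not attack
    return {"k": k, "detected": detected, "missed": missed,
            "false_alarms": false_alarms}

def tune(replay, baseline, candidates):
    """Fewest missed attacks first, then fewest false alarms, then highest k."""
    mean, stdev = fit_baseline(baseline)
    results = [evaluate(replay, mean, stdev, k) for k in candidates]
    best = min(results, key=lambda r: (r["missed"], r["false_alarms"], -r["k"]))
    return best, results

if __name__ == "__main__":
    best, results = tune(REPLAY, BASELINE, [1, 2, 3, 4, 5, 6])
    for row in results:
        print(row)
    print("chosen:", best)
```

On this data no threshold is perfect: low values of k bury the analyst in false alarms, while k of 5 or more silences them at the cost of missing the first minute of the attack.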
The intrusion prevention system (IPS) lives up to its name in that it can not only detect intrusion attempts but also prevent the impact of the attack. In our example above, the malware led to a denial of service and impacted the business. The IPS will prevent such things from happening and save the business some money and the administrative time used in containing the spread of the virus to other areas of the business. To put it succinctly, the intrusion prevention system prevents intrusion activities.
Businesses with a robust information governance framework must consider employing these tools to detect threats to their networks. Many organisations that have failed to have these systems have paid high amounts in fines, customer compensation and lost revenue. The cost of implementation varies, and organisations must factor in the cost of implementing these systems while drafting their data/information governance structure.