Learn about the security-relevant characteristics of IDS and IPS data and how it can contribute to improving network security.
- [Instructor] As you know, firewalls log rejected packets as errors. On the other hand, IDSes or IPSes produce security alerts as their data. They use signature files that define what should be examined in packets to recognize an impending attack. More recently, defenders are attempting to identify intrusion attempts by comparing the normal and abnormal behaviors of a network under watch. In fact, a newly emerging approach seeks a combination of both signature-based and behavior-based detection.
To accomplish behavior-based detection, IDSes or IPSes need to be able to analyze a large quantity of data. Coincidentally, many breakthroughs in information technology and data science, such as cloud computing and big data analytics, are now occurring, and they're acting as enablers for more efficiently implementing behavior-based IDSes and IPSes. Cloud computing is essential to hold and process the enormous amount of packets captured by IDSes and IPSes.
To improve processing efficiency in the cloud setting, distributed computing and file systems like Hadoop and Spark are also indispensable. To speed up IDS or IPS decision making based on the analysis of the processed packet data, automation is a must, and machine learning and deep learning are starting to meet this need. IDSes and IPSes are usually self-contained systems, but they can also serve as a data source for another system, such as a centralized log server or SIEM, by forwarding their alert messages to a target application.
This is why you shouldn't overlook the crucial roles IDSes and IPSes play as data sources. Therefore, don't forget to include IDSes and IPSes when your goal is data-driven network security.
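As an added example, not the instructor's code or any product's, the Python below shows what it looks like for an IDS to act as a data source in the way the transcript describes: it parses alert lines in Snort's "fast" output format, normalizes each one to a JSON line that a centralized log server or SIEM can ingest, and then layers a simple behavior-based check (a per-source burst of alerts inside a sliding time window) on top of the signature alerts, combining the two detection styles the transcript mentions. The sample alert lines, their SIDs and messages, the sensor name, and the year used to complete the timestamps are all constructed for this example.

```python
"""Parse Snort "fast" alerts, normalize them to JSON for a SIEM, and run a
behaviour-based burst check over the signature alerts (added example)."""
import json
import re
from collections import deque
from datetime import datetime

# Constructed sample lines in Snort "fast" output format. SIDs are in the
# local-rule range and the messages are invented; the last line is deliberate
# junk, because a real alert file is never perfectly clean.
SAMPLE_ALERTS = """\
01/28-22:26:04.877970  [**] [1:1000001:2] LOCAL suspicious id command output [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.9:80 -> 192.0.2.15:49213
01/28-22:26:05.102311  [**] [1:1000002:1] LOCAL ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.15
01/28-22:26:05.204870  [**] [1:1000002:1] LOCAL ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.16
01/28-22:26:05.311402  [**] [1:1000002:1] LOCAL ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.17
01/28-22:26:05.419955  [**] [1:1000002:1] LOCAL ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.18
01/28-22:26:05.530018  [**] [1:1000002:1] LOCAL ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.19
01/28-22:26:09.000000  [**] [1:1000003:1] LOCAL SMB probe [**] [Priority: 3] {TCP} 198.51.100.7:51000 -> 192.0.2.20:445
this line is not an alert and must be skipped
"""

# One fast-format alert line. The Classification block is optional, and the
# port suffix is absent for protocols such as ICMP.
ALERT_RE = re.compile(r"""
    ^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+
    \[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+
    (?P<msg>.+?)\s+\[\*\*\]\s+
    (?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?
    \[Priority:\s*(?P<prio>\d+)\]\s+
    \{(?P<proto>\w+)\}\s+
    (?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+
    (?P<dst>\S+?)(?::(?P<dport>\d+))?$
""", re.VERBOSE)

ASSUMED_YEAR = 2024            # fast format omits the year; assumption for this example
SENSOR_NAME = "ids-sensor-01"  # hypothetical sensor name stamped on every event


def parse_alert(line):
    """Return a normalized event dict for one fast-format line, or None when the
    line is not an alert (a forwarder should count and skip those, not crash)."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {
        "@timestamp": ts.isoformat(),
        "sensor": SENSOR_NAME,
        "signature_id": f"{m['gid']}:{m['sid']}:{m['rev']}",
        "message": m["msg"],
        "classification": m["cls"] or "unclassified",
        "priority": int(m["prio"]),          # Snort: 1 is the most severe
        "proto": m["proto"],
        "src_ip": m["src"],
        "src_port": int(m["sport"]) if m["sport"] else None,
        "dst_ip": m["dst"],
        "dst_port": int(m["dport"]) if m["dport"] else None,
        "_ts": ts,                           # internal, used for windowing only
    }


def parse_alerts(text):
    """Parse every non-empty line, silently dropping lines that are not alerts."""
    events = (parse_alert(l) for l in text.splitlines() if l.strip())
    return [e for e in events if e is not None]


def to_siem_json(event):
    """Serialize one event as a single JSON line, the shape a syslog or SIEM
    forwarder ships; internal fields (leading underscore) are stripped."""
    return json.dumps({k: v for k, v in event.items() if not k.startswith("_")},
                      sort_keys=True)


def flag_bursts(events, window_seconds=10, threshold=5):
    """Behaviour-based layer over the signature alerts: flag any source IP that
    triggers at least `threshold` alerts inside a sliding window of
    `window_seconds`. One ICMP alert is noise; the same source hitting five
    hosts within a second is a sweep. Returns {src_ip: peak count in window}."""
    recent = {}    # src_ip -> deque of timestamps inside the current window
    flagged = {}
    for e in sorted(events, key=lambda ev: ev["_ts"]):
        q = recent.setdefault(e["src_ip"], deque())
        q.append(e["_ts"])
        while (e["_ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            flagged[e["src_ip"]] = max(flagged.get(e["src_ip"], 0), len(q))
    return flagged


if __name__ == "__main__":
    evs = parse_alerts(SAMPLE_ALERTS)
    for ev in evs:                       # what would be forwarded to the SIEM
        print(to_siem_json(ev))
    print("burst sources:", flag_bursts(evs))
```

The regex keeps the signature's gid:sid:rev together because that is the key a SIEM correlation rule pivots on; the burst check deliberately ignores the signature and looks only at behavior per source, so a sweep made of low-priority alerts still surfaces. In a real deployment the year would come from the sensor's configuration or a timestamped output format rather than a constant.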