INTRUSION DETECTION SYSTEM
Signature-based Intrusion Detection Systems (IDS) suffer the near fatal flaws of cost and complexity of deployment. Security administrators should consider augmenting IDS deployments with Network Behavior Analysis (NBA) to harness the power of a flow-based security and network-monitoring technology.
IDS technologies are well-suited for filtering well-known, well-defined attacks at the perimeter, yet they are very costly and challenging to deploy in high-speed switched core or distributed WAN environments. Intrusion detection systems maintain a database of signatures to block known, recognized attacks. New attacks for which no signature has yet been developed easily bypass this line of defense. Furthermore, the inline deployment of IDS technologies limits their scope to a relatively small subset of the network and drives the cost of network-wide deployment to astronomical heights.
Designed for internal and distributed security and network monitoring, Lancope’s StealthWatch leverages NetFlow and sFlow from routers and switches as well as SPAN ports. Because it is “behavior-based”, no signature updates are required to detect attacks and anomalies.
| Classic IDS/IPS technology | NBA technology |
|---|---|
| Database signatures detect known attacks | Real-time monitoring of host behaviors and traffic analysis to identify threats |
| Per-packet, inline blocking of attacks | Mitigation via network infrastructure or integration with inline devices |
| Cost prohibitive at speeds above 1G | Unlimited monitoring of high-speed networks at no extra cost |
| Minimal forensics value | Archived audit trail of network IP communications |
| Little to no network performance tools for identifying DoS, worm outbreaks | Extensive network performance reports including top talkers, interface utilization, exporter tracking, etc. |
| No identity integration | User-identity aware |
| Limited visibility per direct network connection | End-to-end network visibility |
| Commonly deployed technology | Innovative technology deployed by early adopters |
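To make the "behavior-based" column concrete, here is an added example (not Lancope's code and not StealthWatch's actual algorithm) of two flow-based checks over constructed NetFlow-like records: a top-talkers report and a per-host fan-out check that compares each source's count of distinct destinations against an assumed per-host baseline, the kind of deviation a worm outbreak produces without any signature.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """Minimal NetFlow/sFlow-style record: who talked to whom, on which port, how much."""
    src: str
    dst: str
    dport: int
    bytes: int


# Constructed sample flows (not real traffic): one busy server, one ordinary
# workstation, and one host fanning out to eight peers on TCP/445 with tiny flows.
SAMPLE_FLOWS = (
    [Flow("10.0.0.5", "10.0.1.10", 443, 900_000),
     Flow("10.0.0.5", "10.0.1.11", 443, 600_000)]
    + [Flow("10.0.0.7", "10.0.1.10", 80, 40_000),
       Flow("10.0.0.7", "10.0.1.12", 53, 2_000)]
    + [Flow("10.0.0.23", f"10.0.2.{i}", 445, 300) for i in range(1, 9)]
)

# Assumed learned baseline: typical number of distinct peers each host talks to.
BASELINE = {"10.0.0.5": 2, "10.0.0.7": 2, "10.0.0.23": 1}


def top_talkers(flows, n=3):
    """Return the n sources sending the most bytes, as (src, total_bytes) pairs."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.src] += f.bytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def fan_out_alerts(flows, baseline, factor=3):
    """Flag sources whose distinct-destination count exceeds factor x their baseline.

    A worm or scanner stands out by contacting far more peers than it normally does,
    regardless of payload, so no signature is needed. Unknown hosts get baseline 1.
    """
    peers = defaultdict(set)
    for f in flows:
        peers[f.src].add(f.dst)
    return {src: len(p) for src, p in peers.items()
            if len(p) > factor * baseline.get(src, 1)}


if __name__ == "__main__":
    print("top talkers:", top_talkers(SAMPLE_FLOWS, 2))
    print("fan-out alerts:", fan_out_alerts(SAMPLE_FLOWS, BASELINE))
```

Note that the high-volume server is the top talker but raises no alert, while the low-volume host on port 445 is flagged purely on behavior.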
To learn more about how network behavior analysis and intrusion detection system technologies detect zero-day attacks, visit Lancope’s Download Center to read the white paper “Zotob: Zero-Hour Detection and Response” and learn how StealthWatch provides zero-hour detection of and response to network threats that bypass traditional security defenses.