Cyber security
There are a variety of ways for an organization to detect a breach or intrusion. A common tool used to detect an intrusion is an Intrusion Detection System (IDS). An IDS is a “hardware device or software application that uses known intrusion signatures to detect and analyze both inbound and outbound network traffic for abnormal activities” (Intrusion detection and intrusion, n.d.). An IDS is meant to be used as a tool that helps security specialists detect common intrusion events so that they can act on them.
However, an IDS should not be used as the only method of detecting an intrusion. Security specialists should be actively checking for any suspicious activity that may be overlooked by an IDS. Behaviors such as unusual login times, reduced operating speeds across the network, heavy unexplained network traffic, use of nonstandard command prompts, unexpected restarts, use of unusual software, malfunctioning antivirus/security software, and the presence of unexpected IP addresses should be treated as suspicious activity and may be indicators of an intrusion or breach (How to detect data, n.d.). These kinds of checks can be done by setting up alerts for logins outside a certain timeframe, auditing software installs and system errors, and monitoring network traffic where possible using firewalls, an IDS, and packet sniffers.
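As an added example (not code from the original post), the following Python script implements three of the checks just listed as rules run over log lines: logins outside business hours, logins from IP addresses outside the known corporate ranges, and installation of unapproved software. The log format, the address ranges, the business hours, the approved-package list and the sample log lines are all constructed for illustration.

```python
"""Added example: simple detection rules over constructed log lines.
Log format, network ranges, hours and package list are assumptions."""
import ipaddress
import re
from datetime import datetime

# Constructed: address ranges the organisation treats as expected sources.
KNOWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                  ipaddress.ip_network("192.168.1.0/24")]
# Constructed: business hours, inclusive start hour / exclusive end hour.
BUSINESS_HOURS = (7, 19)
# Constructed: packages the organisation has approved for installation.
APPROVED_SOFTWARE = {"openssh-server", "vim", "curl"}

# Assumed log layout: "<timestamp> <host> <event> key=value key=value ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<event>\S+) (?P<rest>.*)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split())
    return {"ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "host": m.group("host"), "event": m.group("event"), **fields}


def check_login(rec):
    """Flag logins outside business hours or from unknown address space."""
    alerts = []
    hour = rec["ts"].hour
    if not (BUSINESS_HOURS[0] <= hour < BUSINESS_HOURS[1]):
        alerts.append(("unusual_login_time", rec["user"], rec["ts"].isoformat()))
    src = ipaddress.ip_address(rec["src"])
    if not any(src in net for net in KNOWN_NETWORKS):
        alerts.append(("unexpected_ip", rec["user"], rec["src"]))
    return alerts


def check_install(rec):
    """Flag installation of software that is not on the approved list."""
    if rec["pkg"] not in APPROVED_SOFTWARE:
        return [("unapproved_software", rec["host"], rec["pkg"])]
    return []


CHECKS = {"login": check_login, "pkg_install": check_install}


def scan(lines):
    """Run every applicable check over the lines and collect the alerts."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not treated as alerts
        handler = CHECKS.get(rec["event"])
        if handler:
            alerts.extend(handler(rec))
    return alerts


# Constructed sample log: one normal login, one at 02:47, one from an
# external address, one approved install, one unapproved install, one junk line.
SAMPLE_LOG = [
    "2024-03-04 09:15:02 fileserver01 login user=alice src=10.1.2.3",
    "2024-03-04 02:47:39 fileserver01 login user=alice src=10.1.2.3",
    "2024-03-04 14:03:11 fileserver01 login user=bob src=203.0.113.45",
    "2024-03-04 14:10:00 fileserver01 pkg_install pkg=curl",
    "2024-03-04 14:11:30 fileserver01 pkg_install pkg=unapproved-toolkit",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The rules are deliberately simple; in practice the "known" ranges and hours would come from an asset inventory and the alerts would feed a SIEM rather than be printed. The point is that each suspicious behavior the post lists maps to a concrete, testable condition over data the organization already collects.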
When a security expert successfully detects an intrusion, their priority should be to isolate critical corporate assets and neutralize the intrusion as quickly as possible. In the case of compromised user accounts, deactivating or disconnecting those accounts is a quick and simple way to isolate the attacker and protect corporate assets. In more complex scenarios, security specialists can segment the network and isolate critical assets. This can be achieved using virtual local area networks (VLANs) whose default gateway on the switch is set to a firewall, where traffic can be further scrutinized based on specific ports, protocols, and traffic direction (Knight, 2017). This places additional barriers around critical assets to keep the information protected until the intrusion is neutralized. Ideally, VLANs and network segmentation should be planned into the network architecture in advance as part of a layered defense approach to security. Building intrusion detection methods and network segmentation into the overall security plan can reduce intrusions and the potential risk of a breach occurring, while limiting information loss in the event of a successful breach.
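As an added example (not code from the original post or from the cited sources), the Python model below captures the arrangement described above: each VLAN is a segment, traffic crossing between segments passes through a firewall rule list that matches on direction (source and destination segment), protocol and port, and anything unmatched is dropped. It also shows the emergency step of cutting a segment off entirely while an intrusion is being handled. The segments, rules and sample flows are constructed for illustration.

```python
"""Added example: a model of inter-VLAN traffic scrutinised at a firewall
gateway. Segments, rules and flows are constructed, not a real network."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segments: each VLAN gets its own address block.
SEGMENTS = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "critical": ipaddress.ip_network("10.20.0.0/24"),
    "mgmt": ipaddress.ip_network("10.30.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src_seg: str           # direction is encoded as source -> destination segment
    dst_seg: str
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # None matches any destination port
    action: str            # "allow" or "deny"


# Constructed policy. Ordered, first match wins, default deny at the end.
RULES = [
    Rule("mgmt", "critical", "tcp", 22, "allow"),       # admins may SSH in
    Rule("users", "critical", "tcp", 443, "allow"),     # users reach only HTTPS
    Rule("users", "critical", "any", None, "deny"),     # everything else from users
    Rule("critical", "users", "any", None, "deny"),     # critical never initiates to users
]


def segment_of(ip):
    """Return the segment name an address belongs to, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate(rules, src_ip, dst_ip, proto, port):
    """Decide whether the gateway forwards a flow. Returns 'allow' or 'deny'."""
    src_seg, dst_seg = segment_of(src_ip), segment_of(dst_ip)
    if src_seg is None or dst_seg is None:
        return "deny"       # address space the firewall does not know is never forwarded
    if src_seg == dst_seg:
        return "allow"      # intra-VLAN traffic is switched locally, never reaches the gateway
    for r in rules:
        if (r.src_seg == src_seg and r.dst_seg == dst_seg
                and r.proto in ("any", proto)
                and r.port in (None, port)):
            return r.action
    return "deny"           # implicit default deny


def isolate_segment(rules, name):
    """Containment: return a rule list with no allow rule touching the segment,
    so the default deny cuts it off from every other VLAN."""
    return [r for r in rules if name not in (r.src_seg, r.dst_seg)]


if __name__ == "__main__":
    flows = [("10.30.0.5", "10.20.0.10", "tcp", 22),
             ("10.10.4.9", "10.20.0.10", "tcp", 443),
             ("10.10.4.9", "10.20.0.10", "tcp", 22),
             ("10.20.0.10", "10.10.4.9", "tcp", 445)]
    for f in flows:
        print(f, evaluate(RULES, *f))
    locked = isolate_segment(RULES, "critical")
    print("after isolation:", evaluate(locked, "10.30.0.5", "10.20.0.10", "tcp", 22))
```

Two design points match the post's argument: the rule list is direction-aware, so a host in the critical VLAN cannot open connections toward the user VLAN even though users may reach one service on it, and isolation is a change to a policy that already exists rather than an architecture built under pressure during an incident.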
How to detect data breaches before it’s too late. (n.d.). CCSI. Retrieved from https://www.ccsinet.com/blog/how-to-detect-data-breaches-before-its-too-late/
Intrusion detection and intrusion prevention. (n.d.). Imperva. Retrieved from https://www.imperva.com/learn/application-security/intrusion-detection-prevention/
Knight, A. (2017). Demystifying network isolation and micro-segmentation. AT&T Cybersecurity. Retrieved from https://www.alienvault.com/blogs/security-essentials/demystifying-network-isolation-and-micro-segmentation