Why Intrusion Prevention Systems (IPS) must address internal threats too
The days when cyber security could focus on protecting your organisation’s perimeter are long gone. Today, the biggest threats don’t just come from what’s lurking outside your perimeter, but also from the inside of your network – with suppliers, partners, customers, guests and employees connecting to it in a variety of ways. It’s becoming ever more common for threats to be carried right through your front door on mobile phones or USB sticks. Of 2014’s worst security breaches, 10% were due to portable media bypassing defences and 7% came from mobile devices. Meanwhile, according to the FBI, more than 70% of information security managers now see insider threats, both intentional and accidental, as their biggest concern. In this environment of increasing internal dangers, a standalone Intrusion Prevention Systems (IPS) is essential to safeguard your valuable assets – detecting and protecting you against ever more dynamic and sophisticated threats such as advanced persistent threats (APTs) and malware. ‘Standalone’ is the crucial word here. An integrated IPS in your perimeter next-generation firewall is a good start and might sound like enough, but ultimately it can only protect your perimeter. You need to be keeping a watchful eye on internal traffic too. Based on traffic anomalies and the latest threat signatures, a standalone IPS Solution will report or block malicious activity anywhere in your network, even if it’s encrypted. That’s critical when 25-30% of enterprise network traffic is SSL encrypted and cyber criminals are exploiting this trend to hide malware from signature-based detection. However, technology alone is not enough; you also need the resources and expertise to understand what an attack is, when it’s happening, react appropriately and remediate it successfully. We think the best approach to IPS is combining it with a dedicated managed service. This ensures flawless IPS performance with constant security monitoring and awareness, while reducing costs with time-consuming upkeep, and the need to hire new expertise. A fine-tuned IPS is more than just threat signatures and security logs; it’s about the knowledge and insight to analyse alerts, sort the ones that matter from those that don’t, and the capability to quickly update bespoke security policies. To learn more about why every business should be thinking about IPS, and how you can ensure a fast and simple deployment, take a look at our comprehensive guide to Intrusion Prevention Systems.