Agencies should layer intrusion detection and prevention systems, says NIST
A single intrusion detection and prevention system is rarely enough for good cybersecurity, says the National Institute of Standards and Technology. Federal networks should layer multiple IDPS technologies to provide more comprehensive detection, according to new guidance from NIST.
On July 25 the agency published a draft revision to Special Publication 800-94 (.pdf), its guide to designing, implementing, configuring, securing, monitoring and maintaining intrusion detection and prevention systems.
"In many environments, a robust IDPS solution cannot be achieved without using multiple types of IDPS technologies," and most environments will at least need network-based and host-based IDPS technologies, says NIST.
Network-based IDPSs monitor particular network segments or devices to identify suspicious activity; host-based IDPSs monitor the characteristics of a single host and the events occurring within that host for suspicious activity, says NIST.
Some agencies and departments may also need wireless network IDPSs or network behavior analysis technologies, which are more adept at detecting denial of service attacks and worms, for example, according to the guidance.
When agencies do use multiple IDPSs, they should consider whether a single vendor can provide consolidated IDPS solutions. Security information and event management, or SIEM, software may alternatively provide a single console for the management and monitoring of multiple IDPSs. Another option would be to have one IDPS product provide data for another IDPS product, recommends NIST.
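The layering and consolidation described above only pays off if alerts from the different IDPS technologies end up in one place, in one schema, where a host-based alert can corroborate a network-based one. The following is an added illustration of that idea, not code from the article or from NIST SP 800-94: it normalizes alert lines from a network-based and a host-based IDPS into a common record and correlates them per host within a time window, escalating the severity when both layers report on the same host. The two alert formats, the sample lines, the 2012 default year for the network format (which carries no year) and the mapping from host rule levels onto the 1..4 priority scale are all constructed for this example and are not taken from any real product.

```python
"""Normalize alerts from two IDPS layers into one schema and correlate them per host.

Added example (not from the article or NIST SP 800-94). The "Snort-like" and
"OSSEC-like" line formats below, the sample lines, and the severity mapping are
constructed for illustration and do not reproduce any real product's output.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Alert:
    layer: str         # which IDPS technology produced it: "network" or "host"
    ts: datetime
    host: str          # affected host (destination IP for network alerts)
    severity: int      # common 1..4 scale, 1 = most severe
    message: str


@dataclass(frozen=True)
class CorrelatedEvent:
    host: str
    first_seen: datetime
    last_seen: datetime
    severity: int
    layers: tuple      # sorted tuple of layers that contributed, e.g. ("host", "network")
    messages: tuple


# Constructed sample input: network-based IDPS alerts (no year in the timestamp).
NETWORK_ALERTS = [
    "07/25-10:15:02.100000 [**] [1:100001:1] WEB-ATTACKS suspicious request [**] "
    "[Priority: 2] {TCP} 203.0.113.9:44120 -> 10.0.0.5:80",
    "07/25-10:40:11.000000 [**] [1:100002:1] SCAN port sweep [**] "
    "[Priority: 3] {TCP} 203.0.113.9:44121 -> 10.0.0.8:22",
]

# Constructed sample input: host-based IDPS alerts (rule level 0..15, higher = worse).
HOST_ALERTS = [
    "2012 Jul 25 10:15:07 (web01) 10.0.0.5->/var/log/httpd/error_log "
    "Rule: 31101 (level 7) -> 'Web server error, unexpected request'",
    "2012 Jul 25 11:05:00 (db01) 10.0.0.20->/var/log/auth.log "
    "Rule: 5710 (level 5) -> 'Attempt to login using a non-existent user'",
]

_NET_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+ \[\*\*\] \[[\d:]+\] "
    r"(?P<msg>.+?) \[\*\*\] \[Priority: (?P<prio>\d)\] \{\w+\} [\d.]+:\d+ -> (?P<dst>[\d.]+):\d+$"
)
_HOST_RE = re.compile(
    r"^(?P<year>\d{4}) (?P<mon>\w{3}) (?P<day>\d\d) (?P<time>\d\d:\d\d:\d\d) \(\S+\) "
    r"(?P<ip>[\d.]+)->\S+ Rule: \d+ \(level (?P<level>\d+)\) -> '(?P<msg>.+)'$"
)


def parse_network_alert(line: str, year: int = 2012) -> Optional[Alert]:
    """Parse one network-layer line; the year is assumed because the format lacks it."""
    m = _NET_RE.match(line)
    if not m:
        return None  # unparseable lines are dropped, never guessed at
    ts = datetime.strptime(f"{year}/{m['mon']}/{m['day']} {m['time']}", "%Y/%m/%d %H:%M:%S")
    return Alert("network", ts, m["dst"], int(m["prio"]), m["msg"])


def host_level_to_severity(level: int) -> int:
    """Constructed mapping of a 0..15 host rule level onto the 1..4 priority scale."""
    if level >= 12:
        return 1
    if level >= 7:
        return 2
    if level >= 4:
        return 3
    return 4


def parse_host_alert(line: str) -> Optional[Alert]:
    """Parse one host-layer line into the common Alert schema."""
    m = _HOST_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{m['year']} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return Alert("host", ts, m["ip"], host_level_to_severity(int(m["level"])), m["msg"])


def ingest(network_lines: List[str], host_lines: List[str]) -> List[Alert]:
    """Feed both IDPS layers into one alert list, skipping anything that does not parse."""
    parsed = [parse_network_alert(l) for l in network_lines] + [parse_host_alert(l) for l in host_lines]
    return [a for a in parsed if a is not None]


def _flush(host: str, cluster: List[Alert]) -> List[CorrelatedEvent]:
    """Emit an event only when more than one layer saw the same host; escalate one step."""
    layers = tuple(sorted({a.layer for a in cluster}))
    if len(layers) < 2:
        return []
    severity = max(1, min(a.severity for a in cluster) - 1)
    return [CorrelatedEvent(host, cluster[0].ts, cluster[-1].ts, severity, layers,
                            tuple(a.message for a in cluster))]


def correlate(alerts: List[Alert], window: timedelta = timedelta(minutes=10)) -> List[CorrelatedEvent]:
    """Group alerts per host, split into clusters separated by more than `window`,
    and keep the clusters in which host-based and network-based alerts corroborate."""
    by_host: Dict[str, List[Alert]] = {}
    for a in alerts:
        by_host.setdefault(a.host, []).append(a)
    events: List[CorrelatedEvent] = []
    for host, items in sorted(by_host.items()):
        items.sort(key=lambda a: a.ts)
        cluster = [items[0]]
        for a in items[1:]:
            if a.ts - cluster[-1].ts > window:
                events.extend(_flush(host, cluster))
                cluster = []
            cluster.append(a)
        events.extend(_flush(host, cluster))
    return events


if __name__ == "__main__":
    for ev in correlate(ingest(NETWORK_ALERTS, HOST_ALERTS)):
        print(ev.host, ev.severity, ev.layers, ev.messages)
```

Run on the constructed samples, only 10.0.0.5 yields a correlated event: the network layer saw a suspicious request and the host layer logged a web server error five seconds later, so the two corroborate and the event is escalated to severity 1. The port sweep against 10.0.0.8 and the failed login on 10.0.0.20 each come from a single layer and stay as ordinary alerts, which is the practical difference between running two IDPS technologies side by side and actually layering them under one console.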
As with all IT solutions, agencies should have clearly defined requirements when selecting IDPS products. They should consider security capabilities and performance, but also design and implementation, maintenance, training and technical support. The complete lifecycle cost of the technology is another major consideration for agencies selecting an IDPS, says NIST.
Agencies should use third-party product reviews and lab or real-world testing to inform their purchasing decisions, recommends the publication.
- download the publication, "Guide to Intrusion Detection and Prevention Systems" NIST SP 800-94 Revision 1 Draft (.pdf)