Intrusion Detection & Prevention
Network intrusion is a real, business-impacting event that can damage both operations and the wider business in one or more ways. An intrusion can be motivated in many ways, for example:
Personal – An individual’s personal vendetta against a business or brand
Political – Hacktivist organisations damaging a brand or business’ operation
Financial – Extrusion of information for resale or financial gain
An intrusion attempt is the act of circumventing defenses or specifically targeting parts of the security systems, infrastructure devices or hosts. Intrusion attempts come in many forms and will commonly be part of multi-staged probing of the network or resources for information on which to base subsequent attacks. The profile of intrusion events is wide ranging, and the footprint they leave in the logs on network devices can be extremely small. This presents problems on several levels:
Management of different devices in the estate is spread across multiple departments
Devices may be managed by an external third party
Staff may not recognise or understand the relevance and the severity of a log event
‘Zero Day’ is a very common term used in the security market. Intrusion detection systems allow businesses to increase their visibility of the more refined methods that malware, phishing, viruses, network scanning, port scanning, running exploits and brute force attacks can now use.
Intrusion detection systems can now be deployed as separate appliances, bundled into a number of border gateway security products, or integrated at the host operating system and at the hypervisor level of VMware.
Security is, and for the foreseeable future will be, a multi-layered approach. Although this product area has been widely left aside by most businesses, the change in the threat markets and some regulatory compliance requirements such as PCI-DSS have provided compelling drivers for the implementation of solutions to both counteract the ‘real threat’ and raise security posture.
Intrusion at Gateway
Traditionally, intrusion detection was carried out at security border gateways or at key points of the network, deployed as separate hardware appliances. Intrusion detection was deployed into businesses that had a higher level of security requirements or security focus.
Much has changed in recent years: the advent of the cloud, application-aware security products and the introduction of branch-level Unified Threat Management (UTM) devices, to name a few.
Air Marshal is Meraki's wireless intrusion prevention (WIPS) solution. Integrated into every Meraki access point and centrally managed from the cloud, Air Marshal detects and neutralizes wireless threats, delivering state of the art protection to the most security conscious distributed networks.