intrusion_14
ICSA, Inc.
For more information, call 888-396-8348 14
An Introduction to Intrusion Detection and Assessment
Figure 2 illustrates the existing elements of the
information security market. Intrusion detection
and vulnerability assessment fit in the sector
labeled Assessment.
Note that in monitoring and auditing the rest of
the products in the matrix, intrusion detection
support all of the goals.
Why Firewalls arent enough
A common question is how intrusion detection
complements firewalls. One way of characterizing
the difference is provided by classifying security
violation by sourcewhether they come from
outside the organizations network or from within.
Firewalls act re as a barrier between corporate (inter-
nal) networks and the outside world (Internet),
and filter incoming traffic according to a security
policy.
This is a valuable function and would be sufficient
protection were it not for these facts:
1. Not all access to the Internet occurs through
the firewall.
WHERE INTRUSION DETECTION
SYSTEMS, FILE INTEGRITY AND
VULNERABILITY ASSESSMENT
PRODUCTS FIT IN NETWORK
SECURITY MANAGEMENT
Network Security Management
Network Security Management is a process in which
one establishes and maintains policies, procedures,
and practices required for protecting networked
information system assets. Intrusion Detection
and Vulnerability Assessment products provide
capabilities needed as part of sound Network
Security Management practice.
The Security Hierarchy
The following diagram outlines an Information
Security Hierarchy. It outlines the security measures
that comprise the foundation for any security
technology.
Note that in order to achieve enterprise-wide
security results, Layers 1-3 must exist in order for
the technologies and products in Layer 4 to be
effective.
Layer 4
Information Security Technologies and Products
Layer 5
Auditing, Monitoring, Investigating
Layer 3
Information Security Awareness and Training
Layer 2
Information Security Architecture and Processes
Layer 1
Information Security Policy and Standards
s
Layer 6
Validation
Source: GartnerGroup
Figure 1 - Information Security Hierarchy5
Figure 2 Information Security Market6
Source: GartnerGroup
Firewalls
Anti-Virus
Enhanced User Authentication
Access Control and User Authentication
Cryptography
Assessment
Logging, Reporting, Alerting
Secure, Consolidated User Authentication
Certification
Physical Security
Management
&
Administration
Consulting
5 Source: Gartner Group, Conference Presentation, May, 1997.
6 Source: Gartner Group, Conference Presentation, May, 1997.