Intrusion Detection Systems: What You Don’t Know Will Hurt You

Posted by Mark Greisiger

A Q&A with Joseph Loomis of CyberSponse
The fact is, most companies that have suffered a breach failed to detect the intrusion as it was occurring, and were only made aware of it after the damage was done. An Intrusion Detection System (IDS) with organized and correlated data can be an invaluable solution for incident response—but only if the system is installed and managed correctly. I spoke with Joseph Loomis of CyberSponse about some of the issues around IDS and how companies can use them more effectively.

Can you sum up the challenge companies have with their IDS data?
IDS are still a weak spot for many companies. The challenges are manifold, and come from many areas:

    • Lack of IDS systems
    • Costs of IDS systems
    • Improperly configured systems
    • Lack of personnel who know what they are looking for within the alert data
    • Lack of mature response to such alerts (and oftentimes there are more alerts than not)

How can a company better automate and act on actionable intelligence?
This is precisely why we built CyberSponse. It’s a single platform that allows customers to search data, index data and also incorporate threat intelligence, alerts and incident response plans—all on one platform.

Why should senior leadership and risk managers care about this issue?
You hear this often in our field: It’s not if, it’s when. The target area is growing rapidly and the methods of intrusion are, too. Ultimately, detection, response and remediation are the only ways an organization can effectively limit a compromise within its system(s). Given the speed and ever-changing nature of the threat, it’s time leadership and risk managers consider ways to implement faster detection and response while minimizing damage. With expensive claims also on the rise, I’m sure we will see insurance carriers adopting this approach as well. It’s really only a matter of time.

In Summary….
Thanks to Mr. Loomis for his insights into IDS and the correlation/management of incident data. The fact is, most organizations—large and small—that have suffered data breach events failed to detect the breach on their own. Such an oversight is bad for a number of reasons: It degrades the organization’s reputation with its own clients, who are often informed of an event months later. It provides ammunition to state attorneys general and class-action plaintiff lawyers who want to prove that data breach victims were harmed by this negligence. It can set up the organization for greater financial loss through legal and