Intrusion detection must evolve states SANS

by Brian Sims

As network speeds increase, real-time packet inspection is not sufficient to deal with cyber-attacks, according to Dr Johannes Ullrich, Dean of Research and a faculty member of the SANS Technology Institute. He states, ‘Faster networks are making it harder for intrusion detection techniques to keep up with the threats. Instead, organisations need to turn to a wider set of data gathering techniques to be able to spot attackers.’ Techniques such as netflow analysis and the correlation of intrusion detection alerts with other logs, such as the inspection of DNS logs, have been cited as methods that can help detect intrusion.

Whilst the most common attack vector is the opening of attachments and links to infected sites that trigger zero-day attacks, Ullrich also identifies mobile devices as a growing threat. He states, ‘Apple iOS is better at stopping these threats as its devices are more closed, but Android is a real challenge and we are seeing malware, especially those attacking two-factor authentication systems, used in mobile banking applications.’

Cellular networks are also providing an alternate method for the avoidance of traditional network firewalls and IPS (intrusion protection) systems, by attacking mobile clients in order to gain access into the enterprise environment. Whilst such attacks are still rare, they do represent a longer-term risk. Cellular connections can also allow communications to be intercepted and tampered with, and as such this type of vulnerability needs to be tackled.
