Why IDPS is Cumbersome and Hampers Security Personnel
This is the final blog in our three-part series about why you should get rid of your aging intrusion detection and prevention systems (IDPS) and replace it with modern network detection and response (NDR).
In the first part we talked about how IDPS leads to alert fatigue by overwhelming security operations teams with false positive alerts, ultimately leading to missed attacks. In the second part we discussed how IDPS is ill-equipped to detect what is known as lateral movement, east-west traffic, or simply put, attackers moving around inside your deployments.
In this blog, I’d like to discuss why many teams are struggling with the burden of maintaining these outdated deployments. Most organizations are struggling with the security skills gap, and access to talent overall. In fact, 88% of leaders believe there is a shortage of cybersecurity skills in their company, according to the 2019 Cyber Security in Focus research. There will be 3.5 million cybersecurity jobs available yet unfilled by 2021, according to the 2019/2020 Official Annual Cybersecurity Jobs Report by Herjavec Group.
Against this backdrop, it’s not hard to understand why many would rather have their strained existing staff work on something else than an outdated IDPS system that’s adding little value to their security posture. According to the Ponemon Institute, 27% of IT personnel say the most time-consuming task involves creating, modifying and updating intrusion detection systems. Daily tasks such installing new signatures, tuning them, and trying to reduce false positive alerts—all for something that won’t detect modern attacks.
The Vectra Cognito Platform with its AI-driven cyberattack detection capabilities is the ideal replacement for today’s IDPS products that cannot block contemporary cyberattacks and cannot detect hidden attacker behaviors inside your network. By allowing AI to do the thinking and reducing the manual security operations workload, you’ll spend more time on threat hunting and incident investigations and less time tuning IDPS signatures. The Cognito Platform uncovers in-progress cyberattacks inside networks by combining threat intel with rich contextual data, such as host user behaviors, user and device privileges, and knowledge of malicious behaviors. Detections are correlated to the hosts under attack, and each is scored and prioritized according to the highest risk. Hosts with detections are plotted in the Threat Certainty Index in the Cognito dashboard, which instantly reveals hosts at the center of an attack.
It’s time to jettison the moth-eaten limitations of IDPS and concentrate on detecting and mitigating active threats inside the network—from users to IoT devices to data centers and the cloud workloads—before attackers have a chance to spy, spread and steal.
If you’re ready to change your approach to detecting and responding to cyberattacks, find out how NDR is the ideal replacement for IDS and how NDR helps fulfill compliance. Or, you can reach out to us for a demo.