November 21, 2019

Understanding the Strengths and Limitations of Your Intrusion Detection System

Intrusion detection systems (IDS) are a vital consideration in today’s network security environment. But an IDS alone is not a complete solution given the extent of new threats. Learn what limitations your intrusion detection systems may have and how ARIA SDS can help increase the performance and effectiveness of your IDS.


Intrusion Detection Systems (IDS) are a critical component of any enterprise network security environment. The IDS monitors network traffic for unusual activity and issues an alert or response when such activity is detected. 

That sounds straightforward, but IDS solutions must be continuously fine-tuned to distinguish between normal network traffic and potentially malicious actions. False alarms can be frequent (research shows that many enterprises now receive 5,000 alerts a day or more across all of their security tools) as traffic—and hackers—continue to evolve.

We believe that an intrusion detection system is an important component of a modern security solution. But the increasing complexity and expanse of network environments, together with inventive and aggressive hackers, mean that organizations need to get better performance from their existing network security tools in order to accelerate their incident response capabilities, including threat identification and containment.

Let’s look at some of the limitations of an IDS-only security environment, and how organizations can help increase the performance and effectiveness of IDS solutions.

Limited visibility. Most intrusion detection systems are focused on perimeter attack-surface threats, starting at your firewall. That covers your network’s north-south traffic, but it doesn’t take into account the lateral (east-west) spread that many network threats today take advantage of as they infiltrate your organization’s network and remain there unseen. We know this is true because research has shown that only 20% of discovered threats come from north-south monitoring.

Our ARIA Software-defined Security solution closes this network visibility gap with the ability to monitor traffic patterns from all directions.

Delays in response. When an IDS detects suspicious activity, the violation is typically reported to a security information and event management (SIEM) system, where analysts ultimately separate real threats from benign traffic abnormalities and other false alarms. However, the longer it takes to distinguish a threat, the more damage can be done.

ARIA SDS improves the effectiveness of a SIEM deployment in three ways: it feeds the SIEM data from across the entire network, it reduces ingest volumes by sending NetFlow metadata rather than raw traffic, and it maximizes the SIEM’s indexing power. IDS-detected threats are found sooner, reducing SIEM searches from hours to minutes.
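As an added illustration of the two points made under “Limited visibility” and “Delays in response” (example code written for this page, not ARIA’s product or code): the script below collapses a constructed set of packet records into NetFlow-style flow records keyed on the 5-tuple, labels each flow north-south or east-west against an assumed list of internal prefixes (RFC 1918 ranges), and reports what share of flows a perimeter-only sensor would have seen. The packet records, prefix list and field names are constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Address space treated as "inside" the organisation. RFC 1918 ranges are an
# assumption for this example; a real deployment loads its own prefix list.
INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# Constructed packet records standing in for a capture on an internal segment.
# Fields: timestamp, source/destination IP and port, protocol, frame length.
PACKETS = [
    # internal host -> external web server (north-south, crosses the perimeter)
    {"ts": 1.0, "src": "10.1.1.5", "dst": "203.0.113.10", "sport": 51000, "dport": 443, "proto": "tcp", "len": 1200},
    {"ts": 1.1, "src": "10.1.1.5", "dst": "203.0.113.10", "sport": 51000, "dport": 443, "proto": "tcp", "len": 1300},
    {"ts": 1.2, "src": "10.1.1.5", "dst": "203.0.113.10", "sport": 51000, "dport": 443, "proto": "tcp", "len": 100},
    {"ts": 1.3, "src": "10.1.1.5", "dst": "203.0.113.10", "sport": 51000, "dport": 443, "proto": "tcp", "len": 60},
    # internal host -> internal file server (east-west, never reaches the firewall)
    {"ts": 2.0, "src": "10.1.1.5", "dst": "10.1.2.20", "sport": 52000, "dport": 445, "proto": "tcp", "len": 300},
    {"ts": 2.1, "src": "10.1.1.5", "dst": "10.1.2.20", "sport": 52000, "dport": 445, "proto": "tcp", "len": 500},
    {"ts": 2.2, "src": "10.1.1.5", "dst": "10.1.2.20", "sport": 52000, "dport": 445, "proto": "tcp", "len": 200},
    # internal file server -> another internal segment (east-west)
    {"ts": 3.0, "src": "10.1.2.20", "dst": "192.168.5.7", "sport": 53000, "dport": 3389, "proto": "tcp", "len": 900},
    # external host -> internal host (north-south, inbound)
    {"ts": 4.0, "src": "198.51.100.8", "dst": "10.1.1.5", "sport": 40000, "dport": 22, "proto": "tcp", "len": 200},
    # internal DNS lookup (east-west)
    {"ts": 5.0, "src": "10.1.1.5", "dst": "10.1.0.2", "sport": 54000, "dport": 53, "proto": "udp", "len": 80},
]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(src: str, dst: str) -> str:
    """North-south crosses the perimeter; east-west stays entirely inside it."""
    s, d = is_internal(src), is_internal(dst)
    if s and d:
        return "east-west"
    if s or d:
        return "north-south"
    return "external"  # neither end is ours (e.g. transit traffic)


def aggregate_flows(packets):
    """Collapse packets into NetFlow-style records keyed on the 5-tuple.

    This is the metadata reduction: many packets become one record carrying
    counts and timestamps instead of payload.
    """
    flows = {}
    for p in packets:
        key = (p["src"], p["dst"], p["sport"], p["dport"], p["proto"])
        rec = flows.get(key)
        if rec is None:
            rec = flows[key] = {
                "src": p["src"], "dst": p["dst"], "sport": p["sport"],
                "dport": p["dport"], "proto": p["proto"],
                "direction": direction(p["src"], p["dst"]),
                "packets": 0, "bytes": 0, "first": p["ts"], "last": p["ts"],
            }
        rec["packets"] += 1
        rec["bytes"] += p["len"]
        rec["first"] = min(rec["first"], p["ts"])
        rec["last"] = max(rec["last"], p["ts"])
    return list(flows.values())


def visibility_report(packets):
    """Compare what a perimeter-only sensor sees with full east-west coverage."""
    flows = aggregate_flows(packets)
    by_dir = defaultdict(int)
    for f in flows:
        by_dir[f["direction"]] += 1
    ns = by_dir["north-south"]
    return {
        "packets_total": len(packets),
        "flows_total": len(flows),
        "flows_north_south": ns,
        "flows_east_west": by_dir["east-west"],
        "pct_flows_seen_by_perimeter_sensor": round(100 * ns / len(flows), 1) if flows else 0.0,
    }


if __name__ == "__main__":
    for f in aggregate_flows(PACKETS):
        print(f"{f['direction']:<11} {f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} "
              f"{f['proto']} pkts={f['packets']} bytes={f['bytes']}")
    print(visibility_report(PACKETS))
```

With the constructed capture, ten packets reduce to five flow records, and only two of those five (the HTTPS session and the inbound SSH attempt) cross the perimeter; the SMB, RDP and DNS flows between internal hosts are invisible to a sensor that sits only at the firewall.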

Threat containment. As mentioned earlier, IDS-only environments have a good handle on monitoring north-south network traffic and the typical perimeter threats. But east-west traffic follows some of the most fluid traffic paths and passes through unmonitored devices.

ARIA SDS can help secure devices on your network by sitting inline, rather than on the device itself as an EDR would, enabling ARIA to stop threat conversations without taking devices or applications offline. Faster containment means you can prevent the spread of threats without taking critical assets offline.


IDS is more complete with ARIA SDS

Enterprise security and data protection have never been more important or more complicated. None of this suggests that intrusion detection systems are inadequate protection or the wrong approach; an IDS is one of the most critical investments you can make. ARIA SDS enhances the effectiveness of IDS by providing full network visibility, and therefore faster incident response, faster investigation, and threat containment for today’s enterprises.

The ARIA SDS platform and security applications are built to work seamlessly with leading security tools, including SIEM, IDS/IPS and SOARs, through the use of open, RESTful APIs so it can be dropped into any environment. What’s important—it is easily deployed in east-west traffic paths to monitor, capture, record, and segment all network communications within and between customer premises, even intra-VMs and between containers, datacenters, and the public cloud.

ARIA SDS enables your SOC processes and tools to now:

  • Find threats you’re missing with deeper and broader network visibility
  • Provide enhanced security for IoT, VM, and container environments
  • Create alerts with definitive proof and context to make faster, more informed decisions
  • Surgically contain threats without taking devices offline to remediate
  • Automatically stop data breach and exfiltration on your critical assets
  • Easily add network-based microsegmentation to your IR process

Ready to learn more about ARIA SDS and how it can improve the overall effectiveness of IDS solutions? Visit today. 


About ARIA Cybersecurity Solutions 

ARIA Cybersecurity Solutions recognizes that better, stronger, more effective cybersecurity starts with a smarter approach. Our solutions provide new ways to monitor all internal network traffic, while capturing and feeding the right data to existing security tools to improve threat detection and surgically disrupt intrusions. Customers in a range of industries rely on our solutions each and every day to accelerate incident response, automate breach detection, and protect their most critical assets and applications. With a proven track record supporting the Department of Defense and many intelligence agencies in their war on terror, and an award-winning portfolio of security solutions, ARIA Cybersecurity Solutions is committed to leading the way in cybersecurity success.


Tags: data breach, cybersecurity, siem