
Introduction to intrusion detection systems

An IDS (Intrusion Detection System) is a mechanism that listens to network traffic covertly in order to identify abnormal or suspicious activity, making it possible to act preventively against the risk of intrusion. There are two main families of IDS: the N-IDS (Network-Based Intrusion Detection System), which provides security at the network level, and the H-IDS (Host-Based Intrusion Detection System), which provides security at the host level. An N-IDS requires dedicated hardware and constitutes a system capable of monitoring the packets circulating on one or more network links in order to discover whether a malicious or abnormal act is taking place. The N-IDS places one or more network interface cards of the dedicated system in promiscuous mode; they then operate in "stealth" mode, with no IP address and no protocol stack attached. It is common to find several IDS on the various parts of the network, and in particular...

What is an intrusion detection / prevention system ?

One of the main activities within security (whether physical or logical) is monitoring. Monitoring is based on the initial definition of a series of thresholds for the "normal" behavior of an object (an automatic control system, a data network, a computer, a computer program, etc.) and the subsequent comparison of that baseline with the object's current status in order to detect possible anomalies at a specific time. This monitoring gives rise to continuous feedback that allows the activation of detective and/or corrective activities aimed at re-aligning the element within the established parameters. As can be seen in the diagram, there are three functional blocks within the monitoring process: a source of information, or object to monitor, which processes, transmits or stores data; an analysis action, where behavioral data from the information source is collected and compared with the expected parameters; and a response to abnormal behavior, which can be passive (an alert) or active (which can modify the enviro...

The role of managed detection and response (MDR) in the area of security

For organizations that want to maximize their security strategy but cannot fund a full-time security team, initiatives like MDR can be a viable option. Why? To facilitate the work of security teams, when creating an incident response team it is necessary to set up an organizational structure with a policy that is applicable and, above all, effective. (This section seems a little out of place.) Essentially, MDR is made up of security analysts and response analysts who examine an organization's logs for suspicious events. For example: proactive threat detection and analysis, including vulnerability analysis, patching, firmware updates and monitoring of intrusion prevention and detection systems (IDS/IPS). After recording a malicious activity, the team performs a more in-depth analysis. MDR is then responsible for investigating threats and resolving incidents. This creates a delivery process for resolving the analyzed case, such as notification of the customer, threat intelli...

IPS and IDS systems per detection system

There are different ways of trying to distinguish anomalous or malicious behavior, so different IDS developers have approached the problem in different ways. Although the solutions found on the market usually combine several of these approaches, they have traditionally been categorized as follows: Signature-based detection: this system attempts to locate a previously known pattern in a communication. For example, the system analyzes HTTP traffic for request strings that indicate a possible SQL injection attack. The main advantage of this strategy is its high effectiveness at detecting already-known attacks; on the other hand, it is practically useless for detecting attacks not yet known to the system. Policy-based detection: this system requires a thorough definition of the permitted type of communication (not just ports and protocols) between servers or between different networks. These are very effective systems, but they require detailed configuration. Detection based on anoma...