2003 Survivor's Guide to Security: Page 9 of 16

HIP (host intrusion prevention), on the other hand, offers greater promise for blocking known and unknown attacks at the target. HIP enforces access control over the operating system and its services: policy defines what each application may and may not access, and system calls trapped at the kernel level are matched against that policy and stopped if denied. Because most exploits work by pushing a compromised application outside its normal operating parameters (spawning a shell, writing to system files, opening an unexpected network connection), all manner of attacks that leverage operating-system services can be thwarted whether or not the specific vulnerability is known. Pure application-layer attacks, such as those that manipulate database tables and data without requesting any new system service, are not deterred by HIP, however, and developing and deploying HIP policies can be complicated and time-consuming. Given the increased protection, though, that's a relatively small price to pay. We expect HIP applications to become more robust and manageable over the next year as Okena, Computer Associates, Harris, Entercept and other vendors modify their protection applications based on user feedback and deployment experience.
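To make the mechanism concrete, here is a toy HIP policy engine in Python. It is an added example, not code from any of the vendors named above: trapped system calls from a web server are matched against a per-application policy with a default of deny, and the trace includes the two cases the text calls out, a call that escapes the application's normal parameters (blocked) and a database-layer attack riding inside an allowed connection (not blocked). The application name, policy rules, paths and the trace itself are all constructed for illustration.

```python
"""Toy host intrusion prevention (HIP) policy engine.

Added example; not Okena's, Computer Associates', Harris's or Entercept's
code. Models the mechanism described in the text: system calls trapped at
the kernel are matched against an ordered per-application policy and
denied unless a rule allows them.
"""
import os
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    syscall: str         # "open_read", "open_write", "exec", "connect", ...
    target_prefix: str   # path or host:port prefix the rule applies to
    action: str          # "allow" or "deny"


@dataclass
class Policy:
    app: str
    rules: List[Rule]
    default: str = "deny"   # anything not explicitly allowed is stopped

    def decide(self, syscall: str, target: str) -> str:
        # Canonicalise paths first so "/var/www/../etc/shadow" cannot
        # satisfy an allow rule written for "/var/www/".
        if target.startswith("/"):
            target = os.path.normpath(target)
        for rule in self.rules:          # first matching rule wins
            if rule.syscall == syscall and target.startswith(rule.target_prefix):
                return rule.action
        return self.default


# Hypothetical policy for a web server: read its content and config,
# run its CGI programs, talk to the database server, nothing else.
HTTPD_POLICY = Policy("httpd", [
    Rule("open_read", "/var/www/", "allow"),
    Rule("open_read", "/etc/httpd/", "allow"),
    Rule("exec", "/usr/lib/cgi-bin/", "allow"),
    Rule("connect", "10.0.0.5:3306", "allow"),
    Rule("exec", "/bin/", "deny"),      # explicit, so the hit is logged as a rule match
])

# Constructed trace of trapped calls from an httpd process an attacker has
# taken over. The "connect" event carries "DROP TABLE users" inside an
# allowed database connection; a syscall-level policy never sees that payload.
TRACE: List[Tuple[str, str]] = [
    ("open_read", "/var/www/html/index.html"),
    ("exec", "/usr/lib/cgi-bin/search.cgi"),
    ("connect", "10.0.0.5:3306"),                 # SQL attack rides through here
    ("open_write", "/etc/passwd"),
    ("exec", "/bin/sh"),
    ("open_read", "/var/www/../../etc/shadow"),   # traversal past the allowed prefix
]


def enforce(policy: Policy, trace) -> List[Tuple[str, str, str]]:
    """Return (syscall, target, decision) for every trapped call."""
    return [(sc, tgt, policy.decide(sc, tgt)) for sc, tgt in trace]


def blocked(policy: Policy, trace) -> List[Tuple[str, str]]:
    """Only the calls the policy would stop."""
    return [(sc, tgt) for sc, tgt, d in enforce(policy, trace) if d == "deny"]


if __name__ == "__main__":
    for sc, tgt, d in enforce(HTTPD_POLICY, TRACE):
        print(f"{d.upper():5} {sc:10} {tgt}")
```

The three denied calls are exactly the ones an exploit needs to do anything useful with the box; the allowed connect that carries the SQL attack is the limitation the text describes, and only something that inspects the database protocol itself would catch it.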

Danger: A deluge of event data

Solution: Rely on SIM

Once your network security has matured to the point where enough components, such as firewalls, IDSs and VPN gateways, are deployed or outsourced, you can spend your time monitoring logs and mentally correlating events. Given enough experience and knowledge of the individual systems, a seasoned administrator can make sense of the data and perform some real investigative work. Unfortunately, getting to that point is difficult and, let's face it, manually correlating data is time-consuming.

That's where SIM (security information management) data aggregation and correlation tools come in. Event aggregation is simple compared with event correlation, because there are few formalized methods for accurately correlating disparate events into a single, related chain. But don't overlook the difficulties tied to event aggregation. As the number of devices feeding events into the SIM product increases, so do storage, bandwidth and horsepower requirements, and every device reports in its own log format, so getting all these products to talk to each other is, well, daunting. The value of SIM diminishes with every source you can't get sucked in.