Ideally, we'd like a standard IdM schema that extends into the hardware infrastructure, so that we can maintain a single identity store. The problem arises with network device and appliance vendors that insist on managing valid users in proprietary ways. As you contemplate purchases, ensure you know the architecture of your name stores, how they relate and how IDs relate across them. This will streamline adoption of meta-group management products.
Bad Network!
NBAD systems use passive sensors to watch your network for strange behavior and attempt to determine who's doing what--and whether they should be doing it or not. Some IPS products have recently pulled in NBAD functionality, as have security event information management vendors.
We approve of this trend; NBAD is a valuable piece of an overall security architecture. For example, while the focus of an IPS is to block illegal activity, and the focus of SEIM is to log security events and incidents while watching those logs for anomalous behavior, NBAD tools watch for abnormal behavior on the wire, attempting to determine when some activity should be disallowed. If a host that's normally connected only to a database and a directory server suddenly starts creating connections to other machines, the NBAD should detect the activity. IPS and SEIM products are more likely to ignore such behavior, especially if the connections are few and the traffic appears benign.
In time, NBAD as a standalone product will decline, as people consistently choose more complete architectures. We expect an increase in anomaly detection in SEIM products in 2007 and a move by NBAD vendors like Q1 Labs, Arbor Networks and Riverbed to be more firmly in the SEIM camp.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
