
When is a breach detection system better than an IDS or NGFW?

Breach detection systems are gaining steam, but when would they be more appropriate to use than an IDS or NGFW? Expert Kevin Beaver explains.

How would you describe the difference between a breach-detection system and a traditional intrusion detection/prevention system or next-generation firewall, particularly from the perspective of how each type of device interacts with network traffic? In which enterprise settings would a breach-detection system be more appropriate to leverage?

There's definitely a difference between traditional network security controls such as intrusion prevention systems or next-generation firewalls and actual breach detection. The former security controls can provide information and insight (oftentimes too much) into what's taking place on the network such as network scans, denial-of-service attacks and blocked intrusions. Breach detection systems can go a step further and actually confirm that a breach has occurred by using things like heuristics, traffic analysis and predefined security policies.

The interesting thing I have found over the years is that many network admins and even executives who are privy to what's happening on the network are quick to quote how many times their network is attacked or "hacked" every single day. It's usually a number in the thousands or tens of thousands range. However, this does not paint an accurate picture of actual information risk. In the end, what matters the most is actual detection/confirmation of security breaches and, of course, the prevention of such incidents.

It seems that breach detection is the new "cybersecurity" -- yet another vendor-born rebranding to stir up interest in the market. There's no doubt about the validity of the "response is the new prevention" approach to breach detection. I'm just not convinced it's another technology we must layer on to fix our security woes, especially given how much we're overlooking the simple stuff.

When it comes to deciding where a breach detection system may be appropriate to deploy (and likely used in conjunction with an IPS or NGFW), I suggest:

  1. In complex IT environments, namely large enterprise businesses and government agencies; and
  2. Small and medium-sized environments where little to no security technologies are in place to detect such security incidents.

In the end, the enterprise that blocks all attacks is not the one that wins because that's an impossible feat. Instead, the enterprise that wins is the one that has a technical and operational environment that facilitates the prompt response to security breaches to help minimize the impact to the organization.
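The distinction Beaver draws, as an added illustration that is not part of his answer: the IDS-style tally counts every blocked scan as an "attack", while a breach-detection-style rule correlates an unblocked exploit alert with a later policy-violating outbound connection from the same host before calling anything a breach. The event feed, the allowed-destination policy and the ten-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

# Constructed sample feed (not real data): a minute of blocked scans, the kind of
# noise that inflates the "attacked N times a day" tally ...
EVENTS = [{"time": ts("2015-05-01T09:00:%02d" % s), "type": "scan_blocked",
           "src": "203.0.113.%d" % (s % 50 + 1), "dst": "10.0.0.5"} for s in range(60)]
# ... plus two unblocked exploit alerts and the outbound connections that followed.
EVENTS += [
    {"time": ts("2015-05-01T09:01:00"), "type": "exploit_alert", "blocked": False,
     "src": "198.51.100.9", "dst": "10.0.0.23"},
    {"time": ts("2015-05-01T09:03:30"), "type": "outbound_conn",
     "src": "10.0.0.23", "dst": "198.51.100.9", "dport": 4444},
    {"time": ts("2015-05-01T09:05:00"), "type": "exploit_alert", "blocked": False,
     "src": "198.51.100.10", "dst": "10.0.0.24"},
    {"time": ts("2015-05-01T09:06:00"), "type": "outbound_conn",
     "src": "10.0.0.24", "dst": "192.0.2.50", "dport": 443},
]
# Predefined policy (assumed): external destinations internal hosts may legitimately reach.
ALLOWED_EXTERNAL = {"192.0.2.50"}

def attack_tally(events):
    """The number that gets quoted: every alert, whether or not anything got through."""
    return sum(1 for e in events if e["type"] in ("scan_blocked", "exploit_alert"))

def confirmed_breaches(events, window=timedelta(minutes=10)):
    """Breach-detection-style correlation: an exploit alert that was NOT blocked,
    followed within `window` by the targeted host initiating a connection to a
    destination outside policy. Returns [(victim, attacker, destination), ...]."""
    exploited = {}   # victim host -> (time of exploit alert, attacker address)
    breaches = []
    for e in sorted(events, key=lambda e: e["time"]):
        if e["type"] == "exploit_alert" and not e["blocked"]:
            exploited[e["dst"]] = (e["time"], e["src"])
        elif e["type"] == "outbound_conn" and e["src"] in exploited:
            t0, attacker = exploited[e["src"]]
            if e["time"] - t0 <= window and e["dst"] not in ALLOWED_EXTERNAL:
                breaches.append((e["src"], attacker, e["dst"]))
    return breaches

if __name__ == "__main__":
    print("alerts quoted as attacks:", attack_tally(EVENTS))   # 62
    print("confirmed breaches:", confirmed_breaches(EVENTS))   # one, host 10.0.0.23
```

The second host's outbound connection goes to a sanctioned destination, so the rule stays quiet for it; only the correlated, policy-violating case is reported as a breach.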


This was last published in May 2015

2 comments

Does your enterprise use a breach detection system? Why or why not?

This could be above my pay grade, but what's the main science or tech behind a breach detection strategy and an intrusion detection system? If they rely on similar technologies and notification processes, then I'm not sure either is better than the other...just different. Ultimately, I would want human evaluation on any breach in real time to ensure that it's not an error and that steps are taken to get offline and protected fast.