New system from CSA helps to quickly identify network breaches
We see it on the news with regularity: another data breach discovered, with thousands of victims’ private information exposed and their identities stolen. What we often don’t see is the business aftermath of such an event. Data breaches such as these can bring a business to a standstill, unable to accept payments or access important business documents while costing the organization untold amounts of lost productivity and dollars.
A data breach can take on many forms, often highly technical in nature such as a misconfigured computer system. In other cases, it comes down to the human element. Someone clicks a link on a malicious website or a seemingly legitimate e-mail disguised as an important request from the CEO and ends up infecting their computer. Oftentimes an attacker only need gain a tiny foothold on one computer to begin causing havoc for the business.
The faster a data breach can be identified, the lower the cost to recover, both directly and indirectly. Those costs from a computer incident can be staggering. Legal fees, victim notification costs, forensic analysis, remediation costs and regulatory fines are just a few of the hurdles an organization faces when a data breach occurs. A study by the Ponemon Institute entitled “2018 Cost of a Data Breach” found that the detection time between when an attacker successfully gains access and when they are detected was 197 days. While this statistic has been slowly dropping, it is still entirely too long.
How do we protect our business without breaking the bank? Having a strong IT foundation is a great first step to prevention. Anti-virus software helps protect individual computers, while firewalls help protect the network from external attacks coming into the organization from the internet. Both technologies are likely deployed in your organization and help form the base for a defense against these attacks. But they are not a complete solution, and both have their blind spots.
When a computer is infected, the malicious software installed can subvert the computer, in some cases hiding itself from anti-virus and creating a sort of backdoor into the system. These can go undetected for some time. A key part of the solution to this is an Intrusion Detection System (IDS).
How does an IDS help protect your network? An IDS has visibility into and analyzes everything going across your network, searching for indications of malicious activity and compromise. These systems have been used in enterprises for many years now, but for small to midsize businesses it has traditionally been very difficult to justify the steep costs to purchase, deploy and maintain such a system on an ongoing basis.
At CSA, we have integrated several technologies into an IDS sensor that can be deployed at a single office or across multiple locations. Our security team initially spends several weeks collecting and analyzing data from your network. We then apply that data to the IDS system, tuning it specifically to your environment. Updates are regularly installed on the sensors from several CSA-vetted sources including the Department of Homeland Security.
A real-time web dashboard displays what the system is detecting and allows for correlation and analysis. Reports are sent out by the system on a weekly basis and provide a detailed summary of the items it has identified. Additionally, a prioritized list of CSA’s recommendations is assembled by our team and provided on the report. Advanced data reporting and analysis is available via our enhanced collector option for those who wish to delve deep into their networks themselves. For everyone else, our staff can also routinely monitor and issue recommendations.
The best part of all? CSA has worked hard to make this product an economical option for our members to use.
IDS is installed behind your firewall and monitors your network for any sign of unusual activity that might indicate a security-related event. IDS software is available pre-loaded on a hardened, industrial, fan-less solid-state computer, or the IDS software can run on a hardened computer you provide.
Event notifications may be sent to your network administrator(s), or CSA can provide 24/7/365 monitoring. Notifications initially classify unusual events as “no threat,” “medium threat,” or “severe threat.” Multiple sessions of IDS can run concurrently in different network nodes with all events aggregated by optional IDS Collector software, which provides a dashboard view of your entire network.
IDS is available on a monthly subscription basis, with quarterly or annual billing options. There is no up-front cost, and the modest monthly charge makes IDS affordable for any utility.
CSA-provided hardware carries a 3-year warranty.
IDS may be implemented with NO upfront costs
IDS may be monitored by your staff or by CSA’s IT professionals
Need to go deeper? Try Orbit Collector – The collector aggregates data from multiple sensors, or enhances a single sensor’s analysis into a dashboard that you can use to further expand your intelligence gathering.