We've noticed some pretty sweet 1990s throwbacks popping back up. The fashion-forward set are unironically sporting loose-fitting jeans, vintage Doc Martens, and Nirvana T-shirts—but there are a few late-20th century relics that really shouldn't be hanging around. Intrusion detection systems (IDS) are one of them.
ExtraHop has released a new white paper digging into the limitations of IDS and what makes next-generation IDS (NG-IDS) such a huge leap forward.
Once Cutting Edge, Now As Little As 2.5 Percent Effective
Like grunge subculture, IDS gained a lot of traction in the 1990s. At the time, a narrow set of CVE vulnerability exploits made up the top attack techniques. IDS technology was conceived around the idea that you could form a barrier around your perimeter by recognizing and blocking known signatures and patterns.
Because IDS uses signature-based detections centered on known CVE vulnerabilities, it assumes that attackers are predictable. We now have evidence that says these CVE exploits are still used by attackers—approximately 2.5 percent of the time according to the Verizon DBIR.
Recent attacks such as SUNBURST have proven that attackers now use more creative tactics and will go to extreme lengths to imitate legitimate activity, making them inherently unpredictable. According to the Verizon 2020 Data Breach and Incident Response (DBIR) report, out of 3,000 investigated breaches, 97.5 percent were caused by attacks that IDS wasn't designed to detect.
This reduces the usefulness of IDS to a mere compliance checkoff that is as little as 2.5 percent effective.
The Principles of Next-Generation IDS
Next-generation IDS (NG-IDS) assumes that the adversary is cunning and evasive, and is using advanced techniques that make detection more difficult. NG-IDS upgrades detection capabilities to match attackers' increased sophistication. It's better equipped to address the fundamental changes brought by cloud and IoT technologies, which offer attackers new threat vectors.
NG-IDS uses a multi-layered, defense-in-depth approach that covers both the perimeter and internal, east-west activity, and it uses machine learning to recognize behaviors, not just patterns or signatures.
Next-Gen IDS Compliance and Value Check
Regulatory compliance makes IDS compulsory for many industries, but by putting your IDS budget toward NG-IDS, you can meet the same objectives while gaining far better security. Organizations that adopt NG-IDS gain unmatched security, can consolidate security tools, and can detect threats faster.
NG-IDS accomplishes this by offering agentless detection of hybrid and cloud-based networks and all connected devices, amounting to more complete coverage of both the network and the perimeter. By analyzing network traffic, NG-IDS closes visibility gaps, adds robust investigation and response capabilities, and helps organizations improve their overall security hygiene.
For those of you who are nostalgic for the '90s, dress in your finest corduroy and flannel, and rock out to Soundgarden—we'll support you. Just know that '90s IDS technology is out for good. NG-IDS with NDR technology is in.
Learn more by downloading the ExtraHop white paper, Retire That Noisy '90s IDS, Upgrade to NG-IDS.