Deploy distributed Intrusion Detection (IDS)
Why it matters
Adoption of Intrusion Detection Systems (IDS) has become more commonplace, especially through their integration with firewalls. While integrated and centralized IDSs are definitely recommended, they may leave several gaps:
- Proper visibility across different networks, such as OT, is lacking
- Attacks that find their way beyond the firewall, or originate there, remain undetected
- Detection can’t be fine-tuned for each protected network, for example IT vs. OT
How we can help
- The SensorFleet platform makes it easy to deploy lightweight Sensors across networks, running IDSs as Instruments
- Distributed deployment provides a second line of defence and more granular detection
- IDS instances can be managed as a group, but also fine-tuned individually
Bigger picture
Distributed IDS deployment is part of a defence-in-depth strategy and helps organizations monitor otherwise “dark” corners of their networks. The SensorFleet platform can be used for deploying and managing both Suricata and Zeek instances, either individually or as groups.