Anti-Malware , Cybersecurity , Events

Why Detection Systems Don't Always Work Even When Spotted, Breaches Often Aren't Stopped
Why Detection Systems Don't Always Work
Claudio Neiva

Gartner's Claudio Neiva says there only so much an intrusion detection and prevention system can do, so organizations need to take additional steps to safeguard critical data and systems.

A number of systems have detected - but failed to stop - some major breaches, including the recent one that exposed the personally identifiable information of 4 million current and former U.S. federal government employees (see OPM Breach: The Unanswered Questions). As Neiva points out in an interview with Information Security Media Group, detection and prevention systems can mitigate attacks that have known vulnerabilities. But many zero-day attacks involve unknown tactics and malware, and that's a significant shortcoming.

"What you need to improve is the way you [execute processes] to discover unknown things," Neiva says.

In this interview, conducted at the Gartner Security and Risk Management Summit in National Harbor, Md. Neiva discusses:

  • How organizations can limit the scope of a breach by only accepting information the enterprise needs
  • Ways intrusion detection systems can be used as a tool to educate users on security policies.
  • The state of technology for making detection and prevention systems more reliable.

Based in Brasilia, Brazil, Neiva focuses on network security research and helps security professionals in developing network-based strategies for mitigating security threats. With 16 years of experience in the IT industry, Neiva has held network administration positions at the American Embassy and was a field engineer at Enterasys Networks, helping government customers implement reliable and secure networks.

Around the Network