Gartner's Claudio Neiva says there is only so much an intrusion detection and prevention system can do, so organizations need to take additional steps to safeguard critical data and systems.
A number of systems have detected, but failed to stop, some major breaches, including the recent one that exposed the personally identifiable information of 4 million current and former U.S. federal government employees (see OPM Breach: The Unanswered Questions). As Neiva points out in an interview with Information Security Media Group, detection and prevention systems can mitigate attacks that exploit known vulnerabilities. But many zero-day attacks involve unknown tactics and malware, and that is a significant shortcoming.
"What you need to improve is the way you [execute processes] to discover unknown things," Neiva says.
In this interview, conducted at the Gartner Security and Risk Management Summit in National Harbor, Md., Neiva discusses:
- How organizations can limit the scope of a breach by only accepting information the enterprise needs;
- Ways intrusion detection systems can be used as a tool to educate users on security policies;
- The state of technology for making detection and prevention systems more reliable.
Based in Brasilia, Brazil, Neiva focuses on network security research and helps security professionals develop network-based strategies for mitigating security threats. With 16 years of experience in the IT industry, Neiva has held network administration positions at the American Embassy and was a field engineer at Enterasys Networks, helping government customers implement reliable and secure networks.