This project focuses on variable algorithms and pattern matching during anomaly inspection. A standard IPS/IDS deployment can offer protection from traditional known attacks and enforce previously generated ACLs, though it is not expected to perform human pattern detection when dealing with suspicious connections. This project assumes a certain percentage of previously unknown threats originates from actual users as opposed to automated malware systems. An Intelligent UTM must understand curiocity and predictability within detection algorithms to counter these threats.
An advanced detection system implementation would complement existing border network protection, or be transitioned in-line if no such system exists. The IDS would follow traffic patterns and require human input for classifying known trusted patterns.
The integration for an intelligent IDS is a horizontal addition to existing networks as the auditing devices only require a mirror of core traffic. This allows for a no-impact implementation compared to an inline IPS as the IDS and automation orchestrator sit separate from the core. Utilizing available vendor API for the network core, the orchestrator pushes ACL changes to the network live and continues to monitor for anomalies. The center of the IDS would also contain a historic database to analyze traffic patterns for better filtering practices and pattern recognition.
We view the primary benefit for an advanced self-learning IDS to be the level of network protection achieved by utilizing patterns and analytics as opposed to relying on community or vendor based filter rules. Emerging attack vectors which may not be publicly known can be flagged with an intelligent deep packet inspection implementation. The concept of an intelligent IDS/UTM deployment should become a key component in high risk networks.
Copyright 2015 Altexxa GroupAll Rights ReservedBack to the top