Don’t Hate Your Legacy IDPS – Replace It
We have already shared three of the top five things customers tell us that they hate about their standalone IDPS: it floods the SOC with alerts, lacks visibility into lateral movement of threats inside the network and does not detect enough. Now, I’ll discuss the remaining two complaints: it’s too much work and you can’t get rid of it. I’ll also delve into some options you have for replacing your legacy IDPS.
If you’re still using legacy IDPS, you know that you’re spending too much time supporting something that’s adding little value to your security operations…according to the Ponemon Institute, 27% of IT personnel say the most time-consuming task is to create, modify and update intrusion detection systems. At the same time, a long list of compliance requirements for deploying IDPS prevent you from doing anything about this situation.
Legacy IDPS Alternatives
However, you can replace your legacy IDPS. Some options are flawed, but there is one opportunity that could offer your SOC team significant advantages.
One alternative to legacy IDPS is to use a compensating control. This is simply an alternate way that an organization can use to fulfill a compliance requirement. However, Dr. Anton Chuvakin and Branden Williams in PCI Compliance, caution that this isn’t always the right approach, saying:
“Compensating controls are challenging. They often require a risk-based approach that can vary greatly from one Qualified Security Assessor (QSA) to another. There is not guarantee a compensating control that works today will work one year from now, and the evolution of the standard itself could render a previous control invalid.”
Worse yet, compensating controls don’t always work as well as a recommended compliance standard. Research conducted by Verizon in 2017 showed a strong and direct correlation between organizations that suffered a security breach and the use of compensating controls.
Another option is to replace your IDPS with a next-generation firewall that has added IDPS functionality. This choice will present a few issues. First, firewalls are driven more by policies than true threat detection, meaning that they won’t stop an attack if the network communication is authorized. Second, firewalls are a perimeter security control that, just like legacy IDPS, do not provide visibility into lateral movement of threats inside the network.
A Better Way Forward: Lastline’s Network Detection and Response
Lastline Defender, a network detection and response (NDR) platform, is a more viable and attractive alternative to IDPS. This all-in-one platform, with IDPS, network traffic analysis (NTA), File Analysis and Global Threat Intelligence, provides several distinct advantages over other replacement strategies:
- Inclusion of IDPS functionality meets compliance requirements.
- Visibility into threats coming into and operating within the network.
- An exponential reduction in false positives using AI trained on both network traffic and malicious behaviors.
- Context and analysis to determine whether security events are relevant.
- Support for cloud workloads.
The biggest value Lastline Defender offers over legacy IDPS is that you do not have to buy expensive hardware nor pay for each network sensor deployment. You can deploy as many sensors as required without additional license costs to gain complete visibility and threat protection for your entire network, not just a few locations.
Watch our Video: 5 Things You Hate About Your IDPS to learn more about the shortcomings of IDPS.
Download our Solution Guide to read about how to replace your ineffective IDPS with Lastline Defen