Network security management
Intrusion Detection/Prevention – IDS/IPS systems provide the ability to detect and/or prevent information security-related attacks, such as brute-force attacks, denial-of-service (DoS) attacks, and vulnerability exploitation.
A vulnerability is a weakness in a software system, and exploiting it is an attack to gain unauthorized access to the system. When a vulnerability and a method of exploiting it are announced, there is often a window of opportunity for attackers to exploit that vulnerability before updates that fix it are published and applied. In these cases, an intrusion prevention system can be used to quickly block these attacks. Because IPS technologies monitor network packet flows, they can also be used to enforce the use of secure protocols and prohibit the use of insecure protocols such as earlier versions of SSL or protocols that use weak ciphers.
Network Access Control (NAC) is a zero-trust network access solution that provides improved visibility and control over the devices that connect to the organizations’ networks.
This system is based on the 802.1x protocol and helps organizations deal with today’s ever-expanding attack surface by providing not only visibility into the network infrastructure, but also policy enforcement and dynamic control over it. Whether devices connect from or outside the network, it can automatically respond to compromised devices or anomalous activity. Modern solutions also provide a clear view of the assets connected to the network.
Monitoring and response capabilities are especially important because many devices expose users to additional risks through compromised, poorly written and unpatched software, zero-day vulnerabilities or other factors.