SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Code Red. Denial of Service attacks. The never-ending flood of security bulletins from Microsoft. For a network security professional, drastic measures have been needed to stem the tide of attacks against your network. Wouldn't it be nice to have a tool that could warn you of potential threats to your network? A tool that would log intrusion attempts and notify you in near real-time of attacks on your network? Intrusion Detection Systems (IDS) are tools that monitor networks for anomalies that could indicate an attack on your network. Typically, an IDS is passive in nature and works by scanning packets for patterns that match a pre-defined signature base. The signature base contains information relating to a known vulnerability, threat or pre-attack probe. Most IDS platforms will also allow for the creation of a custom signature base that can scan for pattern matches (passwords, keywords, etc.) or for new threats where a known signature does not yet exist. Intrusion Detection Systems can be a valuable tool when employing a 'defense in depth' strategy for your network, but diligence is required to ensure success. This paper reviews one IDS, RealSecure, to describe its pluses and minuses, with special emphasis on filtering out false positives.
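The two mechanisms the abstract describes, pattern matching of packet payloads against a signature base (built-in plus custom signatures) and tuning that signature base to filter out false positives, can be shown in a few dozen lines. The following is an added example written for this page; it is not code from the paper or from ISS RealSecure, and every signature ID, address, port and packet payload in it is constructed for illustration.

```python
"""Toy signature-based IDS with a false-positive suppression layer (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Signature:
    sid: int                  # hypothetical signature ID
    name: str
    pattern: "re.Pattern[bytes]"
    dst_port: Optional[int] = None   # None means "match on any port"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes


@dataclass
class Alert:
    sid: int
    name: str
    src: str
    dst: str


# The "signature base": two vendor-style signatures scoped to HTTP, plus one
# custom signature that looks for an internal keyword in cleartext on any port.
SIGNATURES: List[Signature] = [
    Signature(1001, "HTTP directory traversal probe", re.compile(rb"\.\./\.\./"), 80),
    Signature(1002, "Unix password file request", re.compile(rb"/etc/passwd"), 80),
    Signature(9001, "Custom: internal keyword in cleartext", re.compile(rb"PROJECT-ORION")),
]

# Tuning rules that cut false positives without disabling the signatures:
# an authorised vulnerability scanner whose probes are expected, and a
# (signature, destination) pair that is legitimate traffic.
SUPPRESS_SRC = {"10.0.0.5"}                     # constructed: authorised scanner host
SUPPRESS_SID_DST = {(9001, "10.0.0.50")}        # constructed: internal document server


def match_packet(pkt: Packet, signatures: List[Signature] = SIGNATURES) -> List[Alert]:
    """Return one Alert per signature whose port scope and pattern match the packet."""
    alerts = []
    for sig in signatures:
        if sig.dst_port is not None and sig.dst_port != pkt.dst_port:
            continue  # signature is scoped to another service
        if sig.pattern.search(pkt.payload):
            alerts.append(Alert(sig.sid, sig.name, pkt.src, pkt.dst))
    return alerts


def is_false_positive(alert: Alert) -> bool:
    """Tuning layer: drop alerts from known-benign sources or benign (sid, dst) pairs."""
    return alert.src in SUPPRESS_SRC or (alert.sid, alert.dst) in SUPPRESS_SID_DST


def run_ids(packets: List[Packet]) -> Tuple[List[Alert], List[Alert]]:
    """Return (all raw matches, matches that survive false-positive filtering)."""
    raw, kept = [], []
    for pkt in packets:
        for alert in match_packet(pkt):
            raw.append(alert)
            if not is_false_positive(alert):
                kept.append(alert)
    return raw, kept


# Constructed sample traffic covering a real probe, an authorised scan, an
# allowed internal mail, a keyword leaving the network, benign HTTP, and a
# probe on a port outside the signature's scope.
SAMPLE_PACKETS = [
    Packet("192.0.2.10", "10.0.0.20", 80, b"GET /../../etc/passwd HTTP/1.0"),
    Packet("10.0.0.5", "10.0.0.20", 80, b"GET /../../etc/passwd HTTP/1.0"),
    Packet("10.0.0.7", "10.0.0.50", 25, b"Subject: PROJECT-ORION status"),
    Packet("10.0.0.7", "203.0.113.9", 25, b"Subject: PROJECT-ORION status"),
    Packet("192.0.2.11", "10.0.0.20", 80, b"GET /index.html HTTP/1.0"),
    Packet("192.0.2.12", "10.0.0.20", 8080, b"GET /../../etc/passwd HTTP/1.0"),
]

if __name__ == "__main__":
    raw_alerts, kept_alerts = run_ids(SAMPLE_PACKETS)
    print(f"raw matches: {len(raw_alerts)}, after tuning: {len(kept_alerts)}")
    for a in kept_alerts:
        print(f"  [{a.sid}] {a.name}: {a.src} -> {a.dst}")
```

Running it shows six raw matches reduced to three after tuning: the authorised scanner's probes and the keyword going to the internal document server are suppressed, while the same keyword leaving for an external host is kept. The point for the analyst is that suppression is keyed on context (source, destination, port) rather than on switching the signature off, which is the diligence the abstract refers to.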