Cyber Security Standards
Companies must continually evaluate and improve their security practices to minimize the risk of confidential data being stolen, high-reliability systems going down, or their assets being controlled by hostile entities, which can cause legal issues if the company assets are used in illegal ways. Maintaining best practices for security is no longer optional for many companies in government, health care, and the financial industry, but rather has been mandated by a variety of security standards such as PCI DSS, HIPAA, NIST, etc. These standards are mandated for types of companies that have an ethical responsibility to their customers to protect their sensitive data. From the PCI DSS version 2.0 standard,
"Vulnerabilities are being discovered continually by malicious individuals and researchers, and being introduced by new software. System components, processes, and custom software should be tested frequently to ensure security controls continue to reflect a changing environment."
Most of these security standards recommend using a variety of intrusion detection and prevention systems to supplement traditional firewalls and anti-malware software. From the Guide to Intrusion Detection and Prevention Systems published by NIST (National Institute of Standards and Technology),
"Organizations should consider using multiple types of IDPS (Intrusion Detection and Prevention System) technologies to achieve more comprehensive and accurate detection and prevention of malicious activity."
Beyond deploying the intrusion detection software, the NIST standards documents recommend that system administrators be responsible for maintaining and testing it on a regular basis,
"Administrators should maintain IDPSs on an ongoing basis. This should include monitoring the IDPS components for operational and security issues, performing regular vulnerability assessments, responding appropriately to vulnerabilities in the IDPS components, and testing and deploying IDPS software and signature updates."
The deployment and monitoring of intrusion detection and prevention systems such as Nova can increase network awareness and supplement existing security products by providing early warnings when attackers are in the reconnaissance stage of an attack, or alerts when machines appear to have been compromised and are generating suspicious network activity.