November 5, 2015

    Why Traditional IDS Falls Short in Enterprise File Hosting

    IDS is an acronym that stands for "intrusion detection system." If you're just going by the name alone, it's easy to assume that this advanced type of technology is a great way to protect enterprise file hosting providers and make sure that they don't fall victim to the types of devastating data breaches that affect millions of people all over the world on a seemingly daily basis. You'd be wrong, however, as a traditional IDS just doesn't cut it for enterprise file hosting situations for a number of different reasons.

    Why Traditional IDS File Hosting Doesn't Provide the Best Protection for Enterprises


    What is IDS?

    At its core, an intrusion detection system can be either a software application or a hardware device (or a combination of the two) that is designed to constantly monitor a network or interconnected system for signs of trouble. An IDS is always on the lookout for suspicious activities like policy violations, intrusion attempts and more, after which point it compiles real-time reports to alert people in need-to-know positions that these types of instances have occurred. The theory is that based on this information, system administrators can then take the necessary precautions to both subvert disaster and patch any holes that were discovered to make sure that they don't happen again.

    The major failing of a traditional IDS unfortunately cuts right to the very core of what these systems were designed to do in the first place. While monitoring for instances of suspicious activity are a great first step, they do little to protect against many of the challenges system administrators now face. What if an employee is the one behind the data breach? They likely wouldn't commit the types of policy violations that would trigger IDS warnings because they would have the proper credentials in the first place. Not only can corrupted data or software bugs significantly stifle an IDS' ability to do its job, but it is also incredibly common for the system to report false alarms at the same time.




    Going Above and Beyond

    These issues alone prove beyond the shadow of a doubt that a traditional intrusion detection system isn't enough on its own to protect enterprise file hosting configurations. A much more advanced and deeper level of protection is necessary to protect both customer and business information moving forward.

    An SFTP provider like Sharetru would actually go a long way towards both helping protect mission-critical files and offering superior protection to a traditional IDS at the same time. Remember that hackers don't want to just access your network for the fun of it - they want to gain access to the important files contained inside. An IDS is typically passive, meaning that it may detect an intrusion, but it then does nothing more than log the activity and alert a system administrator. On the other hand, Sharetru has custom designed an Intrusion Prevention System that not only detects hacker activity, but immediately blocks it.

    Also, once detected, the hacker’s IP address is automatically distributed to all other Sharetru servers, thus protecting every other IP address within Sharetru’s network before they, too are attacked. The heuristics used to detect these attacks are not your typical operating system or application vulnerability checks, or simple trojan and worm blocking based on a virus database. Instead, these rules are custom crafted by Sharetru to address attack signatures that pertain specifically to FTP and SFTP hosting. The actual attack signatures are not disclosed in order to protect Sharetru’s competitive advantage.

     

    Tag(s):

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts