NIST SP 800-36 Intrusion Detection and Prevention Systems
Sectrio.com
NIST SP 800-36 provides guidelines for the selection and use of Intrusion Detection and Prevention Systems (IDPS) in federal government systems.
Purpose
To assist organizations in understanding the basic functions and capabilities of IDPS and provide recommendations for implementation and use.
Key Components
Sensors, servers, and management software. Sensors collect data, servers analyze the collected data, and the management software provides alerts.
Types of IDPS
Network-based IDPS (NIDPS) and host-based IDPS (HIDPS). NIDPS monitor all network traffic, while HIDPS monitor individual hosts.
Detection Methods
Signature-based detection, anomaly-based detection, and stateful protocol analysis.
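The three detection methods named above, shown side by side as an added example (not code from the page or from Sectrio): a signature match against known patterns, an anomaly check against a learned rate baseline, and a stateful check that a simplified SMTP-like command sequence follows the expected state machine. The signatures, the baseline values and the transition table are all constructed for illustration.

```python
import re
from statistics import mean, pstdev

# Signature-based: match each request line against known-bad patterns.
# These two signatures are constructed examples, not a real ruleset.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "scanner-user-agent": re.compile(r"User-Agent:\s*(nikto|sqlmap)", re.I),
}

def signature_alerts(request_line):
    """Return the names of every signature that matches one request line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request_line)]

# Anomaly-based: compare a host's current request rate with a baseline learned
# from normal traffic; flag when it exceeds mean + k standard deviations.
def anomaly_alert(baseline_rates, current_rate, k=3.0):
    """True when current_rate lies more than k sigma above the baseline mean."""
    threshold = mean(baseline_rates) + k * pstdev(baseline_rates)
    return current_rate > threshold

# Stateful protocol analysis: track the session state and report any command
# that is not valid in the current state (constructed SMTP-like simplification).
SMTP_TRANSITIONS = {
    "start": {"HELO": "greeted"},
    "greeted": {"MAIL": "sender", "QUIT": "done"},
    "sender": {"RCPT": "recipient"},
    "recipient": {"RCPT": "recipient", "DATA": "data"},
    "data": {".": "greeted"},
}

def protocol_violations(commands):
    """Return (state, command) pairs where the command broke the state machine."""
    state, violations = "start", []
    for cmd in commands:
        nxt = SMTP_TRANSITIONS.get(state, {}).get(cmd)
        if nxt is None:
            violations.append((state, cmd))  # out-of-sequence command
        else:
            state = nxt
    return violations

if __name__ == "__main__":
    print(signature_alerts("GET /../../etc/passwd HTTP/1.1"))
    print(anomaly_alert([10, 12, 11, 9, 13], 40))
    print(protocol_violations(["HELO", "DATA"]))
```

Each function returns its findings rather than acting on them, which mirrors the alert-generation step: the response decision stays with the administrator or the response policy.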
Alert Generation
IDPS generate alerts to notify system administrators of potential intrusions.
Response and Mitigation
Response depends on the type of intrusion and its level of risk. An IDPS may mitigate intrusions automatically, or manual intervention may be required.
Integration with Security Operations
IDPS should be integrated into an organization's overall security operations and incident response plan.
Implementation Considerations
Organizations should consider network type, risk tolerance, and available resources when implementing an IDPS. NIST SP 800-36 provides recommendations for each of these considerations.