NIST SP 800-36 Intrusion Detection and Prevention Systems

Sectrio.com

NIST SP 800-36 provides guidelines for the selection and use of Intrusion Detection and Prevention Systems (IDPS) in federal government systems.

Purpose

To assist organizations in understanding the basic functions and capabilities of IDPS and provide recommendations for implementation and use.

Key Components

Sensors, servers, and management software. Sensors collect data, servers analyze data, and software provides alerts.

Types of IDPS

Network-based IDPS and host-based IDPS. A network-based IDPS (NIDPS) monitors all network traffic; a host-based IDPS (HIDPS) monitors individual hosts.

Detection Methods

Signature-based, anomaly-based, and stateful protocol analysis.

Alert Generation

IDPS generates alerts to notify system administrators of potential intrusions.
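The three detection methods listed above and the alerts they produce can be shown side by side on a small constructed event stream. The following Python is an added example written for this page, not code from NIST SP 800-36 or from Sectrio: it applies signature rules, a rate-based anomaly check against a benign baseline window, and a simplified stateful check of the TCP handshake, then collects the resulting alerts. Event tuples, IP addresses, rule names, the `tcp_stage` field and the threshold formula are all assumptions made for the illustration.

```python
import re
import statistics
from collections import Counter

# Constructed sample events, oldest first: (src, dst, dport, tcp_stage, payload).
# tcp_stage is a simplified view of the handshake: SYN, ACK (completes it) or DATA.
BASELINE_EVENTS = [  # benign training window used to learn normal per-source rates
    ("10.0.0.11", "10.0.0.20", 80, "SYN", ""),
    ("10.0.0.11", "10.0.0.20", 80, "ACK", ""),
    ("10.0.0.11", "10.0.0.20", 80, "DATA", "GET /index.html HTTP/1.1"),
    ("10.0.0.12", "10.0.0.20", 80, "SYN", ""),
    ("10.0.0.12", "10.0.0.20", 80, "ACK", ""),
    ("10.0.0.13", "10.0.0.20", 443, "SYN", ""),
    ("10.0.0.13", "10.0.0.20", 443, "ACK", ""),
    ("10.0.0.13", "10.0.0.20", 443, "DATA", "GET /login HTTP/1.1"),
]
OBSERVED_EVENTS = [  # monitored window containing three different kinds of suspicious activity
    ("10.0.0.11", "10.0.0.20", 80, "SYN", ""),
    ("10.0.0.11", "10.0.0.20", 80, "ACK", ""),
    ("10.0.0.11", "10.0.0.20", 80, "DATA", "GET /about HTTP/1.1"),
    ("10.0.0.12", "10.0.0.20", 80, "SYN", ""),
    ("10.0.0.12", "10.0.0.20", 80, "ACK", ""),
    ("10.0.0.12", "10.0.0.20", 80, "DATA",
     "GET /items?id=1 UNION SELECT username,password FROM users HTTP/1.1"),
    # data segment with no preceding handshake on this connection
    ("203.0.113.9", "10.0.0.20", 80, "DATA", "GET /../../etc/passwd HTTP/1.1"),
] + [("198.51.100.7", "10.0.0.20", port, "SYN", "") for port in (21, 22, 23, 25, 80, 443)]

# Signature-based detection: known-bad patterns matched against payloads.
SIGNATURES = [
    ("sql-injection-union", re.compile(r"(?i)\bunion\s+select\b")),
    ("path-traversal", re.compile(r"\.\./\.\./")),
]


def signature_detect(events):
    """Return one alert per (event, matching signature)."""
    alerts = []
    for src, dst, dport, _stage, payload in events:
        for name, pattern in SIGNATURES:
            if pattern.search(payload):
                alerts.append({"method": "signature", "rule": name,
                               "src": src, "dst": dst, "dport": dport})
    return alerts


def anomaly_detect(baseline, observed, k=3.0):
    """Flag sources whose event count in the observed window is far above the
    baseline profile (mean + k standard deviations, with a 2*mean floor so that a
    perfectly uniform baseline does not flag every small increase)."""
    base_counts = Counter(e[0] for e in baseline).values()
    mean = statistics.mean(base_counts)
    threshold = max(mean + k * statistics.pstdev(base_counts), 2 * mean)
    alerts = []
    for src, count in Counter(e[0] for e in observed).items():
        if count > threshold:
            alerts.append({"method": "anomaly", "rule": "event-rate", "src": src,
                           "count": count, "threshold": round(threshold, 2)})
    return alerts


def stateful_detect(events):
    """Stateful protocol analysis: track each connection through the handshake
    and alert on DATA sent on a connection that was never established."""
    state = {}  # (src, dst, dport) -> "SYN_SENT" | "ESTABLISHED"
    alerts = []
    for src, dst, dport, stage, _payload in events:
        key = (src, dst, dport)
        if stage == "SYN":
            state[key] = "SYN_SENT"
        elif stage == "ACK" and state.get(key) == "SYN_SENT":
            state[key] = "ESTABLISHED"
        elif stage == "DATA" and state.get(key) != "ESTABLISHED":
            alerts.append({"method": "stateful", "rule": "data-before-handshake",
                           "src": src, "dst": dst, "dport": dport})
    return alerts


def run_idps(baseline, observed):
    """Combine all three methods; a real IDPS would forward these to administrators."""
    return (signature_detect(observed)
            + anomaly_detect(baseline, observed)
            + stateful_detect(observed))


def alert_summary(alerts):
    """Count alerts per detection method, e.g. {'signature': 2, 'anomaly': 1, 'stateful': 1}."""
    return dict(Counter(a["method"] for a in alerts))


if __name__ == "__main__":
    for alert in run_idps(BASELINE_EVENTS, OBSERVED_EVENTS):
        print(alert)
    print(alert_summary(run_idps(BASELINE_EVENTS, OBSERVED_EVENTS)))
```

Each method catches something the others miss: the signature rules find the two known payload patterns, the rate check flags the one source whose volume has no precedent in the baseline, and the state tracker flags the segment that arrived on a connection that never completed a handshake. The anomaly threshold is the weakest part of the design, since it depends entirely on how representative the baseline window is, which is why anomaly-based alerts usually need a human review step before any automated response.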

Response and Mitigation

Response depends on the type of intrusion and its level of risk. IDPS may mitigate intrusions automatically or manual intervention may be required.

Integration with Security Operations

IDPS should be integrated into an organization's overall security operations and response plan.

Implementation Considerations

Organizations should consider network type, risk tolerance, and available resources when implementing an IDPS. NIST SP 800-36 provides recommendations.
