NIST SP 800-36 Intrusion Detection and Prevention Systems
NIST SP 800-36 provides guidelines for the selection and use of Intrusion Detection and Prevention Systems (IDPS) in federal government systems.
To assist organizations in understanding the basic functions and capabilities of IDPS and provide recommendations for implementation and use.
Sensors, servers, and management software. Sensors collect data, servers analyze data, and software provides alerts.
Types of IDPS
Network-Based IDPS (NIDPS) and Host-Based IDPS (HIDPS). NIDPS monitor all network traffic; HIDPS monitor individual hosts.
Signature-based, anomaly-based, and
IDPS generates alerts to notify system administrators of potential intrusions.
Response and Mitigation
Response depends on the type of intrusion and its level of risk. IDPS may mitigate intrusions automatically, or manual intervention may be required.
Integration with Security Operations
IDPS should be integrated into an organization's overall security operations and response plan.
Organizations should consider network type, risk tolerance, and available resources when implementing an IDPS. NIST SP 800-36 provides recommendations