Protecting critical infrastructure with anomaly-based Intrusion Detection Systems
The convergence of Information Technology (IT) and Operational Technology (OT) continues to drive connectivity and Big Data, demanding the collaboration of these two environments to successfully deliver both security and real benefits to industries worldwide.
As the breadth and depth of cybersecurity vulnerabilities grow for critical infrastructure companies, so too does the industry's response to such threats. Intrusion Detection Systems (IDSs) monitor network traffic and activity, analyzing patterns and data to find potential intrusions.
Anomaly-based detection takes information about normal and expected patterns of network activity – traffic types, activity levels as they fluctuate during the day, and origin and destination of traffic – and builds profiles against which observed activity is compared. Signature-based detection, on the other hand, identifies attacks by their signatures, that is, their known attack and infection patterns.
This paper looks at anomaly-based detection, exploring the pivotal role it plays in keeping critical infrastructure safe, efficient, and ready to handle future security challenges.
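The profile-building described above, as an added example that is not taken from the paper: it learns which source/destination/traffic-type conversations are normal and how many flows each hour of the day usually carries, then flags conversations it has never seen and hours whose volume departs from the baseline. The flow tuple layout, host names, protocol label and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_profile(training_days):
    """training_days: list of days, each a list of (hour, src, dst, proto) flows."""
    known = set()                    # origin/destination/traffic-type seen in training
    per_hour = defaultdict(list)     # hour -> flow count observed on each training day
    for day in training_days:
        counts = defaultdict(int)
        for hour, src, dst, proto in day:
            known.add((src, dst, proto))
            counts[hour] += 1
        for hour in range(24):
            per_hour[hour].append(counts[hour])
    levels = {h: (mean(c), pstdev(c)) for h, c in per_hour.items()}
    return known, levels

def detect(profile, day_flows, k=3.0, floor=1.0):
    """Compare one full day of flows with the profile and return a list of alerts."""
    known, levels = profile
    alerts, novel, counts = [], set(), defaultdict(int)
    for hour, src, dst, proto in day_flows:
        counts[hour] += 1
        triple = (src, dst, proto)
        if triple not in known and triple not in novel:
            novel.add(triple)        # report each unseen conversation once
            alerts.append(("new-conversation", hour, src, dst, proto))
    for hour in range(24):           # include silent hours: a drop to zero is also a deviation
        mu, sigma = levels[hour]
        # floor keeps a very stable baseline from alerting on one extra flow
        if abs(counts[hour] - mu) > k * max(sigma, floor):
            alerts.append(("volume", hour, counts[hour], round(mu, 1)))
    return alerts

def make_day(offset=0):
    """Constructed sample: an HMI polling a PLC, busy 08:00-18:00 and quiet overnight."""
    return [(h, "hmi-1", "plc-1", "modbus")
            for h in range(24)
            for _ in range((60 if 8 <= h < 18 else 6) + offset)]

PROFILE = build_profile([make_day(o) for o in (-1, 0, 1, 0, -1)])
# Constructed test day: normal polling plus an unfamiliar workstation talking to the PLC at 02:00.
SUSPECT_DAY = make_day() + [(2, "eng-ws", "plc-1", "modbus")] * 40

if __name__ == "__main__":
    for alert in detect(PROFILE, SUSPECT_DAY):
        print(alert)
```

A signature-based check would instead match each flow against a list of known-bad patterns and would report nothing for this day unless such a pattern existed.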