Given time, we could have puzzled out most of the signatures via exhaustive searches, so we think Network Associates is just being difficult. In comparison, NetScreen opens signatures for review and editing--an approach we prefer.
The lack of signature information quickly became frustrating, and it complicated troubleshooting whenever a match was based on a protocol anomaly, because the alert gave no indication of why it had fired. We had to send packet traces to Network Associates to determine why an SNMP packet was being detected as a NetBIOS issue. It took a few days, but the company resolved the problem and provided an update to the signatures. Signature updates are automated, but you need to buy a support contract to get them.
Policies All Around
IntruShield's policy assignment is very flexible, and that flexibility cuts both ways. We could apply policies to individual interfaces or, when in inline mode, to interface pairs. Each policy is defined separately for inbound and outbound traffic, so asymmetric detection (a different set of signatures in each direction) was possible.
Policies could be tuned in two ways. A rule set could restrict wholesale what types of attacks were detected by limiting the policy to signatures that match a set of categories, protocols, OSs, applications and other classifications. For example, we created a rule set that included all categories of attacks against IIS Web servers over HTTP. We then defined an IIS Web Server Policy using that rule set; every signature that did not match the criteria was left out of the policy. The alternative to using rule sets is to enable or disable individual attacks in the policy manually. Because each direction is edited separately, however, keeping a hand-edited policy symmetric means making every change twice, once for the inbound attacks and once for the outbound ones.
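To make the two tuning styles concrete, here is an added example (not IntruShield's code or its policy format) that models a signature catalog, builds a policy from rule-set criteria, and audits a policy for inbound/outbound drift. The catalog entries, signature IDs, field names and the "any" wildcard semantics are all constructed for illustration.

```python
"""Rule-set driven IDS policy selection plus a symmetry audit.

Added example: the catalog, rule-set criteria and policy layout are
constructed to illustrate the idea and are not IntruShield's own format.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Signature:
    sid: str
    name: str
    category: str      # e.g. "exploit", "recon", "dos", "anomaly"
    protocol: str      # e.g. "http", "snmp", "netbios"
    os: str            # target OS, or "any" if not OS-specific
    application: str   # target application, or "any" if not app-specific


# Constructed sample catalog; the IDs and names are hypothetical.
CATALOG = [
    Signature("S-0001", "IIS unicode traversal",    "exploit", "http",    "windows", "iis"),
    Signature("S-0002", "IIS ISAPI buffer overrun",  "exploit", "http",    "windows", "iis"),
    Signature("S-0003", "Apache chunked overflow",   "exploit", "http",    "any",     "apache"),
    Signature("S-0004", "HTTP oversized URI",        "anomaly", "http",    "any",     "any"),
    Signature("S-0005", "SNMP community sweep",      "recon",   "snmp",    "any",     "any"),
    Signature("S-0006", "NetBIOS name query flood",  "dos",     "netbios", "windows", "any"),
]


def rule_set_select(catalog, **criteria):
    """Return the IDs of signatures matching every criterion.

    Each keyword is a Signature field name mapped to a set of accepted
    values.  A signature whose field is "any" is not filtered out by that
    criterion (assumption: an OS- or app-agnostic HTTP signature still
    belongs in an IIS-over-HTTP rule set).
    """
    selected = set()
    for sig in catalog:
        matches = True
        for fieldname, accepted in criteria.items():
            value = getattr(sig, fieldname)
            if value != "any" and value not in accepted:
                matches = False
                break
        if matches:
            selected.add(sig.sid)
    return selected


@dataclass
class Policy:
    name: str
    inbound: set = field(default_factory=set)    # signature IDs enabled inbound
    outbound: set = field(default_factory=set)   # signature IDs enabled outbound


def policy_from_rule_set(name, catalog, **criteria):
    """Build a policy from a rule set: both directions get exactly the
    selected signatures, so the result is symmetric by construction."""
    sids = rule_set_select(catalog, **criteria)
    return Policy(name, inbound=set(sids), outbound=set(sids))


def asymmetric_signatures(policy):
    """Report signatures enabled in only one direction.

    A policy tuned by hand drifts here whenever a change was made to one
    direction and forgotten in the other; an empty report means symmetric.
    """
    return {
        "inbound_only": policy.inbound - policy.outbound,
        "outbound_only": policy.outbound - policy.inbound,
    }


if __name__ == "__main__":
    # Rule-set style: all categories of HTTP attacks aimed at IIS.
    iis = policy_from_rule_set("IIS Web Server", CATALOG,
                               protocol={"http"}, application={"iis"})
    print("rule-set selection:", sorted(iis.inbound))
    print("audit after rule set:", asymmetric_signatures(iis))

    # Manual style: someone enables one extra attack inbound only.
    iis.inbound.add("S-0005")
    print("audit after manual edit:", asymmetric_signatures(iis))
```

Running the audit against a policy export after every manual change is the check worth automating: the rule-set path cannot produce an asymmetric policy, but the per-attack path can, and the sensor itself will not tell you.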