Network Computing is part of the Informa Tech Division of Informa PLC


NIP Attacks in the Bud: Page 7 of 14

Policies can be applied to individual hosts or to groups of hosts, but the process is more involved than with IDP. Hosts are grouped into subinterfaces either by CIDR block or by 802.1Q VLAN tag. Not all similar hosts will necessarily sit in the same CIDR block or VLAN, however, so we had two options: renumber our hosts so that similar ones shared a CIDR block, or add each host individually to the subinterface as a /32 entry (a 32-bit subnet mask). We chose the latter because renumbering is painful. Also note that a given CIDR block can be defined only once per interface (see "Policy Assignment Per CIDR Block").

[Figure: Policy Assignment Per CIDR Block]

We had a vulnerable Microsoft SQL Server 2000 at 192.168.2.40. We successfully ran the Resolution Service Stack Overflow exploit against it, and IntruShield detected the attack under the policy assigned to the CIDR block 192.168.0.0/16. We then ran the same exploit against our Sun Solaris box, which is governed by the Solaris policy assigned to the subinterface containing the CIDR block where that server resides. No alert fired, because the signature for that exploit is not enabled in the policy governing that address.

The moral of the story: Tuning policies to the hosts behind each block reduces false positives and lets you focus on relevant alerts. The flip side is that the sensor only looks for what the governing policy enables, so a host that is moved or misclassified (a Windows SQL server landing in a block bound to the Solaris policy, say) is attacked just as silently. Keep the block-to-policy mapping in step with your host inventory.
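To make the mechanics concrete, here is a small model of per-CIDR policy assignment that reproduces the two test results above. This is an added example written for this page, not IntruShield's configuration format or code: the interface and subinterface names, the Solaris host address 192.168.3.10, the Solaris signature name and the rule that a /32 host entry wins over an enclosing block by longest-prefix match are all assumptions of the model. Only the SQL Server address, the 192.168.0.0/16 block and the Resolution Service signature come from the review.

```python
import ipaddress
from dataclasses import dataclass, field

# Signature names: only the MS SQL one is named on the page; the Solaris one
# is a placeholder so the Solaris policy has something enabled.
SIG_MSSQL_RESOLUTION = "MSSQL Resolution Service Stack Overflow"
SIG_SOLARIS_PLACEHOLDER = "Solaris RPC signature (placeholder)"

# A policy is modelled as the set of signatures it has enabled.
POLICIES = {
    "Windows": {SIG_MSSQL_RESOLUTION},
    "Solaris": {SIG_SOLARIS_PLACEHOLDER},
    "Default": set(),
}


@dataclass
class Subinterface:
    """Group of hosts bound to one policy; members are CIDR blocks (a /32 = one host)."""
    name: str
    policy: str
    blocks: list = field(default_factory=list)


@dataclass
class Interface:
    """A sensor interface carrying subinterfaces; unmatched traffic gets default_policy."""
    name: str
    default_policy: str
    subinterfaces: list = field(default_factory=list)

    def add_block(self, sub: Subinterface, cidr: str) -> None:
        """Attach a CIDR block to a subinterface, enforcing 'defined once per interface'."""
        net = ipaddress.ip_network(cidr, strict=True)
        for other in self.subinterfaces:
            if net in other.blocks:
                raise ValueError(f"{cidr} is already assigned to {other.name} on {self.name}")
        if sub not in self.subinterfaces:
            self.subinterfaces.append(sub)
        sub.blocks.append(net)

    def policy_for(self, host: str) -> str:
        """Longest-prefix match (assumed behaviour): a /32 host entry beats the /16 around it."""
        addr = ipaddress.ip_address(host)
        best_net, best_policy = None, self.default_policy
        for sub in self.subinterfaces:
            for net in sub.blocks:
                if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                    best_net, best_policy = net, sub.policy
        return best_policy


def would_alert(iface: Interface, dst_host: str, signature: str) -> bool:
    """True if the policy governing dst_host has that signature enabled."""
    return signature in POLICIES[iface.policy_for(dst_host)]


def build_lab() -> Interface:
    """Constructed lab: the /16 from the review plus one Solaris host added as a /32."""
    iface = Interface("1A", default_policy="Default")
    windows_hosts = Subinterface("windows-hosts", policy="Windows")
    solaris_hosts = Subinterface("solaris-hosts", policy="Solaris")
    iface.add_block(windows_hosts, "192.168.0.0/16")
    iface.add_block(solaris_hosts, "192.168.3.10/32")  # assumed Solaris address
    return iface


if __name__ == "__main__":
    lab = build_lab()
    for host in ("192.168.2.40", "192.168.3.10", "10.0.0.5"):
        print(host, lab.policy_for(host),
              "ALERT" if would_alert(lab, host, SIG_MSSQL_RESOLUTION) else "silent")
```

Running it shows the SQL Server at 192.168.2.40 alerting under the Windows policy, the Solaris host staying silent for the same signature because its /32 entry pulls it under the Solaris policy, and a host outside every block falling through to the default policy. Trying to add 192.168.0.0/16 to a second subinterface raises an error, which is the model's version of the once-per-interface rule.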

Reporting

Once we completed our configuration, we ran a number of exploits against our target hosts. This gave us an opportunity to examine IntruShield Manager's reporting and data-mining features.