Intrusion detection is “the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource.” An intrusion detection system (IDS) is a way to determine if a threat is/was present at any given moment. The IDS concept was considered dead in the early 2000’s, but it has made a comeback. Insurance companies should be aware of what the IDS is, and how it can be used to meet strict HIPAA and government guidelines. For more information:

Types of IDS

IDS mainly comes in three forms: Network based (NIDS), Host based (HIDS), and Physical (PIDS). Each of these three types of detections has a specific use, and which one(s) are right for your company has to be decided based on your CIO or infrastructure management services’ recommendations.

• NIDS – Network intrusion detection is located on the network. It is placed in an area where all ingoing and outgoing traffic will pass through it. It acts as a secondary filter for those packets authorized to pass through the firewall. 
• HIDS – Host intrusion software checks for anomalous and unauthorized behavior on a device. This is not used to see if employees are surfing the Internet, but it does act as a guardian of the operating system and various applications installed on the device. It looks for possible infiltrations and reports them to the IT department.
• PIDS – This is a little different animal. This is actually physical entities watching over the computers, servers, or other devices to restrict persons from tampering with the hardware. This can include cameras or security personnel.

It is important to understand that IDS is not a form of prevention. It logs the information and sends alerts. This allows IT to determine if something got through the firewall, or exists on several machines. Anti-viruses, firewalls, and every other detection service will allow pieces to get through and the IDS is another layer of protection; it is not designed to prevent, but to detect and report. You can never have enough protection. To find out more buy the book ‘Easy Prey: How to Protect Your Business From Data Breach, Cybercrime and Employee Fraud’.

HIPAA and Intrusion Detection

Both HIPAA and FISMA require insurance companies to detect foreseeable possible threats, and both organizations offer no real help on how this is to be achieved. Recently, HIPAA has offered a list of questions to apply to your IDS protocols. Mainly these questions are generic, such as;

• Are there IDS tools installed?
• Are the IDS reports reviewed quickly?
• Is the IDS passive or reactive?

Passive IDS tools just gather the information and send alerts to your IT department or your IT outsourcing services. Reactive tools can shut the device down by logging out the user (HIDS), or alter the permissions in the firewall to limit the threat’s access to the network (NIDS). Subscribe to the TOSS C3 blog, and find out more about HIPAA requirements, NIDS, and network security features.

Remember, HIPAA only considers compliance if the system is in place and is working properly. Setting up a prototype and not initiating it is not within the compliance guidelines. Learn more, download the white paper IT as a Utility.

IT outsourcing services, like those offered by TOSS, can add another dimension to your company’s intrusion detection needs. Infrastructure management and implementation is a must when considering compliance technicalities. You need a company that knows exactly what insurance companies need, what their regulatory requirements are, and what the perfect intrusion detection model is for the size of your firm. Request a quote today and see how TOSS can help elevate your network security.