What is Intrusion Detection and Why Do Insurance Companies Need It?
August 3, 2017
August 3, 2017
Intrusion detection is “the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource.” An intrusion detection system (IDS) is a way to determine if a threat is/was present at any given moment. The IDS concept was considered dead in the early 2000’s, but it has made a comeback. Insurance companies should be aware of what the IDS is, and how it can be used to meet strict HIPAA and government guidelines. For more information:
Types of IDS
IDS mainly comes in three forms: Network based (NIDS), Host based (HIDS), and Physical (PIDS). Each of these three types of detections has a specific use, and which one(s) are right for your company has to be decided based on your CIO or infrastructure management services’ recommendations.
It is important to understand that IDS is not a form of prevention. It logs the information and sends alerts. This allows IT to determine if something got through the firewall, or exists on several machines. Anti-viruses, firewalls, and every other detection service will allow pieces to get through and the IDS is another layer of protection; it is not designed to prevent, but to detect and report. You can never have enough protection. To find out more buy the book ‘Easy Prey: How to Protect Your Business From Data Breach, Cybercrime and Employee Fraud’.
HIPAA and Intrusion Detection
Both HIPAA and FISMA require insurance companies to detect foreseeable possible threats, and both organizations offer no real help on how this is to be achieved. Recently, HIPAA has offered a list of questions to apply to your IDS protocols. Mainly these questions are generic, such as;
Passive IDS tools just gather the information and send alerts to your IT department or your IT outsourcing services. Reactive tools can shut the device down by logging out the user (HIDS), or alter the permissions in the firewall to limit the threat’s access to the network (NIDS). Subscribe to the TOSS C3 blog, and find out more about HIPAA requirements, NIDS, and network security features.
Remember, HIPAA only considers compliance if the system is in place and is working properly. Setting up a prototype and not initiating it is not within the compliance guidelines. Learn more, download the white paper IT as a Utility.
IT outsourcing services, like those offered by TOSS, can add another dimension to your company’s intrusion detection needs. Infrastructure management and implementation is a must when considering compliance technicalities. You need a company that knows exactly what insurance companies need, what their regulatory requirements are, and what the perfect intrusion detection model is for the size of your firm. Request a quote today and see how TOSS can help elevate your network security.
Subscribe now and stay up to date with News, Tips, Events, Cybersecurity, Cloud and Data Compliance.