Abstract
Many financial institutions and payment solution providers are required to comply with PCI DSS (Payment Card Industry Data Security Standard). Such requirements are understandable, as compliance helps reduce the risks of data leaks and financial losses associated with unauthorized access to card data. PCI DSS compliance validation indicates that the organization has taken all necessary measures to protect data. An example of a web resource that must comply with PCI DSS regulations is considered. Implementation and testing of protection controls (measures) is an integral part of the compliance validation process. The methods used in intrusion detection and prevention systems have certain features that prevent the widespread and effective implementation of such protection systems. The subject of research in this article is intrusion detection and prevention systems, which are part of the web application security system. The goal of the work is to research the specific features of intrusion detection and prevention methods and to provide recommendations on the combined use of these methods. To achieve the goal, the following tasks are solved: to identify the hierarchy/relationship of existing regulatory documents according to which compliance validation can be carried out; to describe the basic provisions of PCI DSS certification; to identify the protection systems that can be implemented to protect the web resource from cyberattacks; to analyze the advantages and disadvantages of methods used in intrusion detection and prevention systems; to provide suggestions for improving the use of intrusion detection and prevention systems. Based on the defined tasks, the following results were achieved.
It was found that the main problem of the signature method of intrusion detection is that signature databases are not updated fast enough and that known attacks can be modified in such a way that known signatures are not used during the attack. The anomaly detection method is characterized by a large number of false positives at the initial stages of implementation; in this case, it is necessary to perform fairly thorough setup and training of the system based on conditionally safe user actions. Conclusions. The combined use of attack detection methods makes it possible to reduce the number of errors of the first and second kind, which indicates the effective use of protection tools. Web resources with such means of protection can be certified if other conditions of the regulatory document are met.