1
00:00:06,910 --> 00:00:08,170
- [Instructor] Data normalization

2
00:00:08,170 --> 00:00:11,470
is the process of capturing, storing,

3
00:00:11,470 --> 00:00:13,070
and analyzing data, right?

4
00:00:13,070 --> 00:00:15,810
So in this case, actually,

5
00:00:15,810 --> 00:00:20,810
security-related events, logs from servers, firewalls,

6
00:00:21,160 --> 00:00:23,840
IPS systems, and many others, right?

7
00:00:23,840 --> 00:00:27,480
So one of the main goals of data normalization

8
00:00:27,480 --> 00:00:32,280
is actually to purge and delete redundant data

9
00:00:32,280 --> 00:00:34,740
and to maintain data integrity itself, right?

10
00:00:34,740 --> 00:00:37,110
So the normalized data is protected

11
00:00:37,110 --> 00:00:40,070
by making sure that any manifestation

12
00:00:40,070 --> 00:00:42,090
of the same data elsewhere

13
00:00:42,090 --> 00:00:45,840
is only making a reference to the data

14
00:00:45,840 --> 00:00:47,970
that is actually being stored.

15
00:00:47,970 --> 00:00:50,930
Another goal of security data normalization

16
00:00:50,930 --> 00:00:54,750
is to eliminate the risk of evasion techniques

17
00:00:54,750 --> 00:00:57,890
and ambiguities within your network, right?

18
00:00:57,890 --> 00:01:00,970
There are different types of normalization techniques,

19
00:01:00,970 --> 00:01:04,460
depending on levels of increasing complexity.

20
00:01:04,460 --> 00:01:07,230
Now, here, I'm actually showing the three different types

21
00:01:07,230 --> 00:01:10,190
of data normalization categories

22
00:01:10,190 --> 00:01:13,430
that are mostly used in the industry, right?

23
00:01:13,430 --> 00:01:16,250
One is actually referred to as 1NF,

24
00:01:16,250 --> 00:01:18,330
which is the first normal form.

25
00:01:18,330 --> 00:01:20,860
And you can assume the following, right,

26
00:01:20,860 --> 00:01:24,090
so it's second normal form and third normal form.

27
00:01:24,090 --> 00:01:26,670
And these categories can continue to increase

28
00:01:26,670 --> 00:01:31,590
in forms and complexity, depending on the requirements

29
00:01:31,590 --> 00:01:34,770
and the environmental needs of your organization.

30
00:01:34,770 --> 00:01:37,370
In the case of intrusion prevention systems,

31
00:01:37,370 --> 00:01:40,840
they focus on the throughput emphasis

32
00:01:40,840 --> 00:01:44,920
for the most rapid and optimal inline performance, right?

33
00:01:44,920 --> 00:01:49,520
So when doing so, in most cases, it's actually impossible

34
00:01:49,520 --> 00:01:52,770
for full normalization to take place, right?

35
00:01:52,770 --> 00:01:57,350
Traditional IPS devices often relied on shortcuts

36
00:01:57,350 --> 00:02:00,430
that only implement partial normalization

37
00:02:00,430 --> 00:02:02,370
and partial inspection.

38
00:02:02,370 --> 00:02:05,845
This, of course, increased the risk

39
00:02:05,845 --> 00:02:08,070
of evasion techniques, right,

40
00:02:08,070 --> 00:02:11,340
or evasions of that IPS system.

41
00:02:11,340 --> 00:02:14,920
Now, fragmentation is an example of an evasion technique.

42
00:02:14,920 --> 00:02:16,913
Also encryption, pivoting,

43
00:02:18,420 --> 00:02:21,170
using types of stepping-stone attacks,

44
00:02:21,170 --> 00:02:24,710
and some other ones that are out there.

45
00:02:24,710 --> 00:02:27,770
The good news is that next-generation IPS devices

46
00:02:27,770 --> 00:02:32,350
perform data normalization in a much more effective way, right?

47
00:02:32,350 --> 00:02:36,080
They analyze data as a normalized stream

48
00:02:36,080 --> 00:02:38,460
instead of actually analyzing data

49
00:02:38,460 --> 00:02:41,700
as single or combined packets in the network, right?

50
00:02:41,700 --> 00:02:45,150
So this ensures that there's a unique way

51
00:02:45,150 --> 00:02:47,160
to interpret network traffic

52
00:02:47,160 --> 00:02:51,650
passing through the security appliance or the IPS device.

53
00:02:51,650 --> 00:02:52,710
Now, in the following lessons

54
00:02:52,710 --> 00:02:57,030
we will actually cover how to interpret common data values

55
00:02:57,030 --> 00:02:58,803
into a universal format.