Tuesday, April 28, 2009

Network IPS/IDS selection criteria (part I)

Choosing the right technology solution can be a daunting task, particularly when meeting the wish list of requirements does not always equal the cheapest buy. So when it comes to an Intrusion Detection/Prevention System, let’s look at some points to consider to aid in the investment decision.

Performance degradation is often the drawback of providing that needed layer of defense while continuing business as usual. Understanding and testing the inspection throughput is essential to ensure sufficient processing of any given network segment, as is the speed at which the IPS/IDS is able to analyze and react to the compounding signature list and vulnerability exposure volume. Perhaps the most critical and fundamental component is the quality of the signatures: how customizable they are and how reputable the input is (including zero-day inclusion). It holds true in nearly all cases that the output is only as good as the input, and with IPS/IDS the downside is many more false positives. Understanding your “normal” traffic, along with the best fit in terms of statistical and behavioral considerations, can save both time and money.

Putting it all together, the best approach is integration and correlation with other security tools and logs to deliver an appropriate level of confidence in the results. Managing all these components sometimes opens the discussion of outsourcing. Managed IPS/IDS services can augment an organization’s head count as well as its skill set…

Finally, it’s always beneficial to assess the financial viability of the vendor and its strategic appetite. Some IPS/IDS vendors offer supplemental support for NAC enforcement, DLP integration, and rate limiting by prioritizing traffic via pre-defined security criteria and protocol/service type.

If you drink the Gartner Kool-Aid, then the choice is TippingPoint, McAfee, Sourcefire and Juniper Networks, followed closely by Cisco and IBM. Also ponder the SANS review.
