Select an Intrusion Detection and Prevention System
Introduction
This research is designed for…
This research will help you…
Use this research to help you understand and strategize your IDPS deployment, and select the right solution given your budgetary constraints and needs.
Info-Tech Research Group
Security is a big deal. Regardless of whether or not the business houses sensitive data, malicious intruders on your corporate network disrupt business continuity, and that costs money. Deploying an Intrusion Detection and Prevention System (IDPS) gives the organization an internal patrol that works with other security tools, such as firewalls and anti-malware, to keep malicious traffic out of your network.
Executive Summary
Roadmap: Strategize, Select, Evaluate, Implement & Operate
Section I: Strategize
Network intrusion is costly: if your organization has data-stealing intruders, your job may be at stake
Implement security technology such as an IDPS to protect yourself from what could happen if you’re unprotected; nobody wants to be a headline. TJX, a large American retailer, was hit with a $118 million charge against 2nd quarter earnings in 2007 due to the theft of 45.9 million credit cards via a breach of their wireless network.[1] Implementing an IDPS is an effective way of preventing malicious content from compromising the network and causing this kind of disaster.
86% of organizations are proactively improving security by implementing IPS before an intrusion wreaks havoc.
You never expect your house to burn down, but you buy insurance just in case it does; similarly, you may not expect to get hacked, but you want some form of protection in place for when you are.
Developing an IDP strategy involves answering a number of questions; answer these four questions before proceeding
What does an IDPS do? Understand that everything that passes your firewall, anti-malware tools, and other security controls moves freely on your network. A firewall is a bouncer; an IDPS is a guard patrolling the bar for strangers and drunkards.
What are my options? IDPS can be deployed as a dedicated box or a consolidated box. Dedicated boxes offer higher performance and lower entry prices. Consolidated boxes offer a better TCO and streamlined management across multiple tools.
How do I manage it? Attacks can happen any time, any day. If you can’t afford the security staff to manage and watch the appliance 24/7, managed services can be a more attractive option. Have a large security staff already? Monitor the appliance in-house.
How many probes do I need? For most enterprises, a single sensor at the network perimeter will be sufficient. Internal segments of the network with sensitive data, or firms using multiple ISPs, should consider probes at the entry points to each network.
An IDPS sits at the network perimeter and tracks what comes and goes; without it, your borders may be open to strangers
An IDPS sits behind the firewall and the anti-malware protection system, monitoring traffic that has passed through both solutions. In detection mode, an IDPS alerts the network administrator when questionable traffic that has passed the firewall and anti-malware solutions passes through the box. In prevention mode, the box mitigates the threat as soon as it hits the IDPS.
Organizations without an IDPS are not more susceptible to breaches, but will be unaware of what enters and exits their network. Organizations with an IDPS are more capable of monitoring what enters and exits their network and can mitigate the impact of any potential threats.
[Diagram: Incoming Traffic -> Firewall -> Anti-Malware -> IDPS -> Protected Corporate Network]
Organizations with some security tools in place will catch a portion of malicious traffic as it hits the firewall and anti-malware tools. Make no mistake, some malicious traffic will get past these tools and hit the internal network. Without an IDPS in place, IT will have no record of what threats entered the network, leading to a potential wild goose chase in an effort to track them down.
[Diagram: Incoming Traffic -> Firewall -> Anti-Malware -> No IDPS -> Open Corporate Network]
A dedicated IDPS solution is a necessity if you need to monitor internal segments of the network: protect that sensitive data!
An IDPS is a dedicated box at the perimeter of your network that works with a firewall and anti-malware solutions to protect the network. A unified threat management (UTM) system is a consolidated box, housing multiple security tools that protect the network.
Consolidated boxes that hold multiple security technologies within a single appliance fit the smaller organization with less budget aimed at IT security. The primary benefit of consolidated boxes is streamlined management tooling, but their complexity can make them more expensive than dedicated solutions; if you don’t need all the functionality a UTM offers, they can be cost-and-protection overkill.
A dedicated IDPS is a better fit for organizations with other security technology already in place, since throwing out already-purchased tools is expensive. If the network currently has security tools, upgrading via a dedicated IDPS box is simpler and more cost effective. Dedicated boxes also have higher throughput capacity and speed, resulting in less interference with network traffic.
[Diagram: dedicated deployment with Incoming Traffic -> Firewall -> Anti-Malware -> IDPS -> Protected Corporate Network, beside a consolidated deployment where a single box houses Firewall, Anti-Malware and IDPS in front of the Protected Corporate Network]
If your security team can staff an IDPS 24/7, do it in-house; otherwise go to managed services
In the “good old days” when intrusion prevention was the pre-eminent technology, staffing issues were the 800lb gorilla. Intrusion detection can generate vast numbers of alerts that must be dealt with, ideally in real time, for its protection capabilities to be realized. Intrusion prevention has mitigated this to a significant degree, to the point that large numbers of dedicated staff may not be required. For optimal protection, 24/7 monitoring of alerts and responses still has value. If you don’t need instant response, you don’t need active monitoring. Let the IDPS do its thing, but make sure to review logs daily, and page for significant threats.
What Info-Tech clients are saying…
“The IDPS can only be successful if a process is in place to monitor and maintain the system and reports are reviewed on a regular basis.” - IT Manager, Education
Organizations that need the highest levels of responsiveness, and that have 5 or more security analysts on staff, can afford to manage an IDPS on a 24/7 basis in-house at a cost advantage vs. managed services. Organizations that need high levels of responsiveness, but that do not have 5 or more security analysts on staff, and therefore cannot actively monitor their IDPS 24/7, will benefit from outsourcing to an MSSP.
Calculate the number of probes required for your implementation given your current network topology
External probes: The number of pure Internet connections coming into the organization drives the number of dedicated or consolidated boxes required at the network perimeter. The ISP:appliance ratio must remain at 1:1 throughout the organization to ensure protection on all inbound links without introducing a single point of failure. The number of ISPs, in turn, is driven by the organization’s need for network redundancy and resiliency (e.g. failover networks). For consistent protection, the organization must have 1 appliance on each dedicated Internet connection.
Internal probes: The number of internal networks with confidential, private, or sensitive data on them determines how many internal IDP appliances the organization needs. Ratio options exist here: multi-segment, multi-Gigabit boxes are available for 1:x deployments, but they carry big price tags and may be overkill. Evaluate internal network speed and the number of segments to be protected to decide between large 1:x ratio boxes and smaller “appliance per segment” solutions. Use the number of network segments with sensitive data to drive internal probe deployment.
[Diagram: ISP 1 -> IDPS 1/UTM 1 and ISP 2 -> IDPS 2/UTM 2 into the Protected Corporate Network; IDPS on Segment 1 fronting a segmented network (e.g. R&D)]
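The two probe rules above (one perimeter appliance per ISP link, internal probes driven by sensitive segments and sized as one 1:x box or one appliance per segment) worked through as an added Python example; this is not Info-Tech's Appropriateness Assessment Tool, and the box capacity, port count and segment throughputs are constructed sample values.

```python
"""Probe-count planner for an IDPS rollout (added example, not Info-Tech's tool).

Rule 1: one dedicated/consolidated appliance per Internet connection (1:1),
        so no inbound link is unprotected and no appliance is shared.
Rule 2: internal probes are needed only for segments holding sensitive data;
        a single multi-segment 1:x box is chosen when those segments fit its
        port count and aggregate throughput, otherwise one appliance each.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    name: str
    sensitive: bool
    gbps: float  # peak internal throughput the probe would have to inspect


def external_probes(isp_links: list[str]) -> dict[str, str]:
    """Rule 1: map every ISP link to its own perimeter appliance."""
    return {link: f"IDPS {i + 1}/UTM {i + 1}" for i, link in enumerate(isp_links)}


def internal_probes(segments: list[Segment],
                    multi_segment_capacity_gbps: float,
                    max_segments_per_box: int) -> dict[str, object]:
    """Rule 2: cover sensitive segments with one 1:x box or per-segment probes."""
    sensitive = [s for s in segments if s.sensitive]
    if not sensitive:
        return {"mode": "none", "probes": 0, "covers": [], "aggregate_gbps": 0.0}
    aggregate = sum(s.gbps for s in sensitive)
    fits_one_box = (len(sensitive) <= max_segments_per_box
                    and aggregate <= multi_segment_capacity_gbps)
    mode = "1:x" if fits_one_box else "per-segment"
    return {"mode": mode,
            "probes": 1 if fits_one_box else len(sensitive),
            "covers": [s.name for s in sensitive],
            "aggregate_gbps": aggregate}


def plan(isp_links: list[str], segments: list[Segment],
         multi_segment_capacity_gbps: float = 2.0,
         max_segments_per_box: int = 4) -> dict[str, object]:
    """Combine both rules into a total probe count for the TCO calculator."""
    ext = external_probes(isp_links)
    internal = internal_probes(segments, multi_segment_capacity_gbps,
                               max_segments_per_box)
    return {"external": ext, "internal": internal,
            "total_probes": len(ext) + int(internal["probes"])}


# Constructed sample topology: two ISPs for failover, four internal segments,
# three of which carry sensitive data (guest Wi-Fi gets no internal probe).
SAMPLE_ISPS = ["ISP 1", "ISP 2"]
SAMPLE_SEGMENTS = [
    Segment("R&D", True, 0.8),
    Segment("Finance", True, 0.4),
    Segment("Guest Wi-Fi", False, 0.3),
    Segment("HR", True, 0.2),
]

if __name__ == "__main__":
    result = plan(SAMPLE_ISPS, SAMPLE_SEGMENTS)
    print(result["external"])
    print(result["internal"])
    print("total probes:", result["total_probes"])
```

Lowering the assumed 1:x box capacity below the 1.4 Gbps aggregate flips the internal recommendation to one appliance per sensitive segment, which is the trade-off the slide asks you to evaluate.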
Determine whether or not IDPS is appropriate for your organization before moving into vendor selection
The IDP System Appropriateness Assessment Tool will help you:
1. Conduct an IDPS Necessity Assessment.
2. Determine whether you are better served by an IDPS or UTM.
3. Determine whether you should bring IDP in-house or move to managed services.
4. Calculate the number of probes required for your implementation given your current network setup.
This tool will help you determine whether or not you should be deploying an IDPS and how many probes you require. Use the probe figure in the IDP System TCO Calculator later in this solution set to more accurately project the cost of your specific implementation.
You know what you need; now it’s time to figure out what it’s going to cost and how to manage it
The IDP System TCO Calculator will help you:
1. Determine capital costs, such as hardware and licensing.
2. Determine operating costs, such as support and staffing.
3. Provide you with a TCO for managing IDPS across 4 different scenarios.
Use this TCO calculator to get an understanding of the various licensing and management options available to you with an IDPS solution. This tool puts dollar figures on the IDPS setup strategy discussed in section 1. Remember, the probe figure from the Appropriateness Assessment tool you just completed should be entered in the appropriate places in this tool to provide a more accurate recommendation.
Roadmap: Strategize, Select, Evaluate, Implement & Operate
Section II: Select. Look to the Vendor Landscape to determine who can meet your needs.
Every vendor in the game has the basic table stakes, but who goes above and beyond in the areas that matter to you?
The Table Stakes, and what each one means:
Throughput: Probes are capable of supporting at least 0.2 Gbps in throughput capacity.
Hardware Portfolio: Vendor provides a variety of probes at varying price points for adequate matching with needs.
Signature Scanning: The solution is capable of signature scanning.
Behavior Scanning: The solution is capable of behavior scanning.
24/7 Support: Support is available 24/7 for client issues.
Weekly Updates: Signatures and other scan-related data are updated weekly, at a minimum.
Management and Reporting: The solution comes with a reporting and management dashboard.
The products assessed in this Vendor Landscape(TM) meet, at the very least, the requirements outlined as Table Stakes. Many of the vendors go above and beyond the outlined Table Stakes, some even in multiple categories. This section aims to highlight the products’ capabilities in excess of the criteria listed here.
“Visibility of the organization is also important. I doubt, in the current environment, that many people are interested in hacking into our small hospital system, however, I will not take a chance with other people’s financial and personal health info, so I will do the right thing.” - IT Manager, Healthcare
IDPS Criteria & Weighting Factors
Vendor Evaluation
Strategy: Vendor is committed to the space and has a future product and portfolio roadmap.
Viability: Vendor is profitable, knowledgeable, and will be around for the long term.
Support: Vendor offers implementation and ongoing management support.
Product Evaluation
Affordability: The five year TCO of the solution is economical.
Features: The solution provides basic and advanced features/functionality.
Usability: The solution’s dashboard and reporting tools are intuitive and easy to use.
The Info-Tech IDPS Vendor Landscape
For a complete description of Info-Tech’s Vendor Landscape methodology, see the Appendix.
Champions receive high scores for most evaluation criteria and offer excellent value. They have a strong market presence and are usually the trend setters for the industry.
Competitors strike a strong balance between product and vendor attributes. They have the potential to become future industry leaders if they address the missing links in their offerings.
Emerging players are newer vendors who are starting to gain a foothold in the marketplace. They balance product and vendor attributes, though score lower relative to market Champions.
Innovators have demonstrated innovative product strengths that act as their competitive advantage in appealing to niche segments of the market.
Industry standard vendors are established players with very strong vendor credentials, but with more average product scores.
Every vendor has its strengths & weaknesses; pick the one that works best for you
[Table: Harvey Ball scores for McAfee, HP, Cisco, IBM, Juniper, Top Layer, Sourcefire, Radware and Check Point across Features, Usability, Affordability, Viability, Strategy and Support; the ball values were not recovered]
Note: “Harvey Ball” scores are produced by normalizing weighted, raw scores for each category, resulting in relative scores for each category. For example, an empty circle does not indicate a zero score; it indicates the lowest score in that category relative to other products. Likewise, a solid circle does not indicate a perfect score, but rather the highest score in that category relative to the other products.
Cisco provides the most value per dollar of spend across the board due to an impressive feature list & low price point
On a relative basis, Cisco maintained the highest Info-Tech Composite Performance Score(TM) (CPS) of the vendor group. Vendors were indexed against Cisco’s performance to provide a complete, relative view of their product offerings.
What is a Composite Performance Score? The Composite Performance Score is a measure of performance across both Vendor and Product categories, normalized in relation to cost.[1] This measure does not indicate vendor ranking; instead it provides an indexed assessment of each vendor’s product and business strength in relation to the cost of their solution. Vendors that score high offer more features, usability, support, SMB focus, and stability relative to their price point than the average vendor, while the inverse is true for those that score lower. Enterprises looking to achieve optimal “bang for the buck” may wish to give the Composite Performance Score more consideration than those who are more focused on specific vendor/product attributes.
HP TippingPoint’s grip on proprietary signature research is a differentiator in the industry; cost may be a deterrent
Info-Tech Rating: Champion
Employees: 310,000 (HP wide). Headquarters: Palo Alto, CA. Website: HP.com
Info-Tech Recommends: If the integrity of data on your corporate network requires extremely high level security, HP’s DVLabs suite is the most up-to-date signature database on the market.
(Overview, Strengths and Challenges bullets were not recovered.)
HP focuses heavily on the enterprise market, hurting its strategy score; there is better value elsewhere based on price
HP achieved a slightly above average Composite Performance Index score in all categories except for Strategy, where its score was well below the average. HP’s mediocre scores across most categories are a result of the high price of the solution and its low usability score. Its strategy score is below average because HP is more focused on the enterprise space rather than the small to medium enterprise, as evidenced by pricing becoming more favorable as appliance throughput moves up stream.
[Table: Vendor Listing checklist covering Advanced Features (DoS Protection, Inherent Firewall, Reputation Based Scanning, Virtual Signatures, Virtual Infrastructure Protection, Application Specific Scanning, Encrypted Traffic Scanning, Redundancy, User Based Signatures) and Support Delivery and Reach (North America, APAC, EMEA); the checkmarks were not recovered]
Bonus: DVLabs Research employs 30+ research professionals and provided the first patch to 14 critical and 47 high risk vulnerabilities in 2010, more than 5x that of competing vendors.
Cisco possesses a large deployed sensor network that feeds its impressive reputation engine at a very low price point
Info-Tech Rating: Champion
Employees: 70,714. Headquarters: San Jose, CA. Website: Cisco.com
Info-Tech Recommends: If the organization currently uses a lot of Cisco infrastructure, implementing Cisco’s IDPS provides quick reporting/management wins.
(Overview, Strengths and Challenges bullets were not recovered.)
Cisco offers a huge amount of features at the most affordable price point, making it the best value play in the space
Cisco achieved the highest Composite Performance Index scores in all categories except for Strategy, where its score was still above the average. Cisco’s high across-the-board scores are the result of its solution having the lowest price of all evaluated products while having above average scores in all other categories. Its strategy score is limited, though still above average, due to its primary focus on consolidated rather than dedicated solutions.
[Table: Vendor Listing checklist of Advanced Features and Support Delivery and Reach, with the same columns as the HP slide; the checkmarks were not recovered]
Bonus: Maintains 700,000 sensors globally to feed the Global Correlation program, boosting efficacy and driving reputation scores that are pushed out to all devices on the network.
McAfee offers an extremely robust feature set & a global support system, but does so at a premium to other vendors
Info-Tech Rating: Champion
Employees: 6,100. Headquarters: Santa Clara, CA. Website: McAfee.com
Info-Tech Recommends: If a robust feature set and highly detailed dashboard and reporting setup are your prime concern, McAfee is a potential solution; otherwise, there are less costly vendors in the space.
(Overview, Strengths and Challenges bullets were not recovered.)
McAfee offers the most impressive feature list, but is priced at a hefty premium to the market, destroying value per dollar
McAfee achieved low Composite Performance Index scores in all categories due to its exceptionally high price point. McAfee’s high price point negatively impacted its composite performance despite the breadth of its features and the strength of the product on the whole. Its viability score was especially low due to the uncertainty surrounding the IntruShield offering after the Intel acquisition.
[Table: Vendor Listing checklist of Advanced Features and Support Delivery and Reach, with the same columns as the HP slide; the checkmarks were not recovered]
Bonus: The McAfee IntruShield appliance lineup offers integrated VoIP protection to specifically protect against threats using this increasingly common communications mechanism.
If you already have IBM infrastructure, or require extremely high throughput, consider IBM
Info-Tech Rating: Industry Standard
Employees: 399,409. Headquarters: Armonk, NY. Website: IBM.com
Info-Tech Recommends: If your organization has a suite of IBM products already, or is looking for IDPS boxes with extremely large throughput capacity, consider IBM as a potential solution.
(Overview, Strengths and Challenges bullets were not recovered.)
IBM offers average functionality but is backed by a strong corporate brand & large support network
IBM achieved a slightly above average overall Composite Performance Index score with good specific results in support and viability, but poor results in strategy and usability. As the largest and most stable vendor in this survey, IBM’s high viability score is to be expected. The company’s usability score was negatively impacted by a complex management system, while its strategy score was impacted heavily by the firm’s focus on the enterprise market.
[Table: Vendor Listing checklist of Advanced Features and Support Delivery and Reach, with the same columns as the HP slide; the checkmarks were not recovered]
Bonus: As Data Leakage Protection becomes an ever more prevalent technology, it is finding its way into many other security solutions; IBM is the first to integrate DLP capability into its IDPS sensors.
Juniper offers a low cost solution compared to the average vendor, but also offers fewer throughput options on appliances
Info-Tech Rating: Innovator
Employees: 8,000. Headquarters: Sunnyvale, CA. Website: Juniper.net
Info-Tech Recommends: If cost is the major concern for your organization and the appliance throughput you need is available from Juniper, consider it a strong solution for the money.
(Overview, Strengths and Challenges bullets were not recovered.)
Juniper is the only vendor in the landscape offering ‘honeypot’ capabilities, and is priced well relative to its peers
Juniper achieved a high Composite Performance Index score in all categories except for Strategy, where its score was below average. Juniper’s high across-the-board scores are the result of its solution having one of the lowest price points in the group, while providing more features than other, similarly priced vendors. Its strategy score is below average due to its focus on the enterprise space with its IDPS solution; the firm carries a UTM solution geared much better towards the SME.
[Table: Vendor Listing checklist of Advanced Features and Support Delivery and Reach, with the same columns as the HP slide; the checkmarks were not recovered]
Bonus: Juniper’s IDP series of appliances uniquely offers ‘honeypot’ capabilities to track and confound illicit reconnaissance efforts.
Sourcefire offers a leading IDPS product & maintains a robust appliance portfolio, but lacks full DDoS protection capability
Info-Tech Rating: Competitor
Employees: 393. Headquarters: Columbia, MD. Website: Sourcefire.com
Info-Tech Recommends: If your organization anticipates quickly scaling up hardware over a short period of time, Sourcefire’s hardware portfolio extends from the very small to the very large, providing some continuity.
(Overview, Strengths and Challenges bullets were not recovered.)
Sourcefire focuses heavily on IDP & benefits from the large open-source community behind Snort
Sourcefire recorded one of the higher Composite Performance Index scores due to the combination of generally positive criteria scores and overall attractive pricing. Sourcefire was regarded as having the highest CPI score for strategy as a result of its IDP-only focus and attractiveness to the SME space. As with the other smaller vendors in the study, viability is impacted when compared with multi-hundred-billion-dollar companies.
[Table: Vendor Listing checklist of Advanced Features and Support Delivery and Reach, with the same columns as the HP slide; the checkmarks were not recovered]
Bonus: As the commercial offering from the developers of Snort, the world’s most commonly deployed IDP solution, Sourcefire can draw on that massive community user base for signature development.
Check Point is an expensive solution with a minimal feature set; other vendors offer more functionality at a lower price point
Info-Tech Rating: Industry Standard
Employees: 2,200. Headquarters: Redwood City, CA. Website: Checkpoint.com
Info-Tech Recommends: If advanced functionality and security are a minimal concern, then Check Point may be a viable option, but there are better, less expensive solutions on the market.
(Overview, Strengths and Challenges bullets were not recovered.)
Check Point performs poorly on a CPI basis due to a lofty price point & minimal functionality, resulting in poor value
Check Point achieved a low Composite Performance Index as a result of the second highest price in this study, compared against generally modest results in most categories. Check Point achieved its best results in usability (due to a very clean management interface) and strategy (due to its focus). Its advanced feature set was deemed one of the weakest in the comparison, resulting in the low CPI for that criterion.
[Table: Vendor Listing checklist of Advanced Features and Support Delivery and Reach, with the same columns as the HP slide; the checkmarks were not recovered]
Bonus: Though not a metric in this evaluation, Check Point has recently been reviewed favorably on performance and throughput capabilities by NSS Labs, an independent testing house.
Top Layer Security provides the appliance for free with three year maintenance contracts, drastically reducing TCO
Info-Tech Rating: Emerging Player
Employees: 70. Headquarters: Hudson, MA. Website: Toplayer.com
Info-Tech Recommends: If all you require is intrusion prevention functionality at an extremely low cost, Top Layer Security may be the right solution for your organization.
(Overview, Strengths and Challenges bullets were not recovered.)
Top Layer offers an IPS-only, SME focused product with a free appliance option, but its recent takeover hurts viability
Top Layer offers a reasonably competitive product at a slightly above average price, resulting in a lower overall Composite Performance Index result. This may be mitigated, however, by Top Layer’s innovative free appliance approach. Top Layer’s focus on the IDP market, and the SME client, earns it solid Strategy marks; however, its just-announced acquisition by UK-based Corero as the flagship of that company’s new (and still being defined) security division significantly impacts viability scores.
[Table: Vendor Listing checklist of Advanced Features and Support Delivery and Reach, with the same columns as the HP slide; the checkmarks were not recovered]
Bonus: Top Layer’s TopMSS managed services offering allows enterprises to invest in technology and the management of that technology from a single provider.
Radware’s scalable buying concept will aid high-growth or cash-strapped organizations with IDPS expansion
Info-Tech Rating: Emerging Player
Employees: 700+. Headquarters: Tel Aviv, Israel. Website: Radware.com
Info-Tech Recommends: If a major investment in IDPS is not a primary initiative for the organization, or you are in a high-growth environment, consider Radware’s scalable buying as a way to ease into IDPS.
(Overview, Strengths and Challenges bullets were not recovered.)
Radware carries a high initial investment cost on its appliances & involves using an extremely complex management interface
Radware’s overall Composite Performance Index score was radically impacted by the high initial costs of its appliances compared against mostly mediocre scores in all categories. Radware’s best results came in strategy due to its strict focus on the IDPS space. Its worst results, usability and viability, are attributable first to a complex and confusing interface, and second to being a very small company in the presence of much larger competition.
[Table: Vendor Listing checklist of Advanced Features and Support Delivery and Reach, with the same columns as the HP slide; the checkmarks were not recovered]
Bonus: The ERT provides instantaneous, expert security assistance in order to restore network and service operational status when a client is under DDoS attack or malware outbreak.
Not all vendors are created equal; pick the right one for your case
Effectiveness is highly vendor dependent. The Composite Performance Index is a measure of value for dollar, but certain, specific select criteria may be driving your needs. The table below provides some insight into which vendors Info-Tech recommends, based on specific needs.
I want… / Info-Tech Recommends
The best value for my dollar: Cisco, Juniper
The greatest feature set: HP, McAfee
The most up-to-date signatures at all times: HP, IBM
A vendor that is focused on the small enterprise: Radware, Sourcefire, Top Layer, Check Point
The ability to scale up cheaply as I grow: Radware
Full redundancy: HP, Top Layer
Inherent firewall: Radware, McAfee, Top Layer
Roadmap: Strategize, Select, Evaluate, Implement & Operate
Section III: Evaluate
Identify leading solution candidates with a Vendor Shortlist
(Bullet content was not recovered.)
Focus solution requirements with an RFP Template
(Bullet content and the Info-Tech Insight were not recovered.)
Put hard numbers behind vendor claims & keep evaluations objective by scoring RFP responses
(Bullet content and the Info-Tech Insight were not recovered.)
Roadmap: Strategize, Select, Evaluate, Implement & Operate
Section IV: Implement & Operate
Start with nearline monitoring, but move to inline blocking as probe performance is optimized
Info-Tech Insight: Getting the throughput specifications right for the appliance should be a prime focus point. A small box becomes a network bottleneck; a large box requires significantly more capital.
A nearline deployment provides IT with a chance to monitor the default rule setup of the appliance and assess throughput capacity without materially impacting the network. Start with a nearline deployment and only move inline when you are sure the appliance will not become a bottleneck on the network.
In terms of tuning the rules of the box, trial and error is the generally used method. Start by turning on the baseline rules, and tweak both rules and thresholds until the appliance performs at an acceptable rate. Once the appliance is performing satisfactorily, move it inline and implement blocking.
Use a pilot group & monitor actively during the initial tuning phase; IPS requires constant attention to be effective
Info-Tech Insight: The initial configuration of an IDPS appliance is extremely important to the optimal functioning of the solution, but the effort must be maintained throughout the system’s lifetime to remain effective.
1. Monitor: Understand that IPS is not an idle technology; monitoring reports and logs is the only way to configure an IPS solution to optimal block rates. The goal of monitoring is to develop an idea of what baseline figures and activities look like, making it easier to spot anomalies in the future.
2. Review Logs Daily: After a few days of running the solution, open up the event logs and begin to understand what is happening. Check that the applications you expect to be running are running, resolve early false positives, and ensure the processes and services are correct.
3. Begin Tuning: Tuning accurately is a major differentiator between an adequate solution and a great one. At this stage, focus on finding the right thresholds. Increase the risk threshold for processes being logged that shouldn’t be, and do the inverse for those that should.
4. Create Exceptions: Reducing noise in the management console is the quickest way to reduce the time spent reviewing logs daily. Create exceptions for commonly logged but non-threatening actions, such as running sanctioned scripts, so you can focus on logging and analyzing potential threats.
5. Configure Reporting: The final step in tuning the appliance is to configure dashboards and reporting to display the most pertinent information. Make displaying trends, query results, and issues the priority, and schedule reports to be sent automatically to the individuals responsible for mitigation.
Develop an incident response team and teach them to identify incident precursors & indications to beef up protection

Preparation

Who should be on the team? The incident response team should consist of people from across IT: developers and security and networking pros. Threats can hit anywhere; an IT-wide view is critical to an effective defense.

What's in a jump kit? Key items in a jump kit include: a laptop with packet sniffer and computer forensics software, backup devices, blank media, basic networking cables, and OS and application media and patches. 2

Detection & Analysis

What's a precursor? What's an indication? A precursor is a sign that an incident may occur in the future, such as unusual port scan activity targeted at a group of hosts before a DoS attack against the same hosts. An indication is a sign that an attack is occurring or has just happened, such as an antivirus software alert when a worm is detected.
Create a containment framework & hold lessons-learned meetings to make the response team more efficient

Containment/Recovery

How do I contain a threat? [slide bullet points not extracted]

Post Incident Activity

What metrics do I use? [slide bullet points not extracted]
Summary

[slide bullet points not extracted]
Appendix
Vendor Landscape Methodology

Info-Tech Research Group Vendor Landscape market evaluations are a part of a larger product selection solution set, referred to as a Select Set. The Vendor Landscape evaluation process starts with a customer survey. Customers tell us which vendors and products they've heard of and which ones they use, plan to use, or are investigating. From the survey results, and the domain experience of our analysts, a vendor/product shortlist is established. Product briefings are requested from each of these vendors, asking for information on the company, products, technology, customers, partners, sales models, and pricing.

Our analysts then score each vendor and product across a variety of categories. These scores are then weighted according to weighting factors that our analysts believe represent the weight that an average client should apply to each criterion. The weighted scores are then averaged for each of two high-level categories: vendor score and product score. A plot of these two resulting scores is generated to place vendors in one of five categories: Champion, Competitor, Emerging Player, Innovator, and Industry Standard.

Analysts take the individual scores for each vendor/product in each evaluation category and normalize them to a scale of zero to four. This produces a relative scoring, where a low score value indicates low performance in that category relative to the performance of the other products in that category, and vice versa for a high score. These normalized scores are represented with Harvey Balls, ranging from an open circle for a score of zero to a filled-in circle for a score of four. Harvey Ball scores do not represent absolute scores, only relative scores.

Individual scorecards are then sent to the vendors for factual review, and to ensure no information is under embargo. We will make corrections where factual errors exist (e.g. pricing, features, technical specifications).

We will consider suggestions concerning benefits, functional quality, value, etc.; however, these suggestions must be validated by feedback from our customers. We do not accept changes that are not corroborated by actual client experience, or wording changes that are purely part of a vendor's market messaging or positioning. Any resulting changes to final scores are then made as needed, before publishing the results to Info-Tech clients. Vendor Landscapes are refreshed every 12 to 24 months, depending upon the dynamics of each individual market.
UiPath Studio Web workshop series - Day 7DianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 

Último (20)

Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
UiPath Clipboard AI: "A TIME Magazine Best Invention of 2023 Unveiled"
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 

Select idps

  • 1. Select an Intrusion Detection and Prevention System
  • 6. Developing an IDP strategy involves answering a number of questions; answer these four questions before proceeding

  What does an IDPS do? Understand that everything that passes your firewall, anti-malware tools, and other security is free on your network. A firewall is a bouncer; an IDPS is a guard patrolling the bar for strangers and drunkards.

  What are my options? IDPS can be deployed as a dedicated box or a consolidated box. Dedicated boxes offer higher performance and lower entry prices. Consolidated boxes offer a better TCO and streamlined management across multiple tools.

  How do I manage it? Attacks can happen any time, any day. If you can’t afford the security staff to manage and watch the appliance 24/7, managed services can be a more attractive option. Have a large security staff already? Monitor the appliance in-house.

  How many probes do I need? For most enterprises, a single sensor at the network perimeter will be sufficient. Internal segments of the network with sensitive data, or firms using multiple ISPs, should consider probes at the entry points to each network.
  • 9. If your security team can be staffed on an IDPS 24/7, do it in-house; otherwise go to managed services

  In the “good old days”, when intrusion detection was the pre-eminent technology, staffing issues were the 800 lb gorilla. Intrusion detection can generate vast numbers of alerts that must be dealt with, ideally in real time, for its protection capabilities to be realized. Intrusion prevention has mitigated this to a significant degree, to the point that large numbers of dedicated staff may not be required. For optimal protection, 24/7 monitoring of alerts and responses still has value.

  If you don’t need instant response, you don’t need active monitoring. Let the IDPS do its thing, but make sure to review logs daily, and page for significant threats.

  What Info-Tech clients are saying: “The IDPS can only be successful if a process is in place to monitor and maintain the system and reports are reviewed on a regular basis.” - IT Manager, Education

  Organizations that need the highest levels of responsiveness, and that have 5 or more security analysts on staff, can afford to manage an IDPS on a 24/7 basis in-house at a cost advantage vs. managed services. Organizations that need high levels of responsiveness but do not have 5 or more security analysts on staff, and therefore cannot actively monitor their IDPS 24/7, will benefit from outsourcing to an MSSP.
  • 10. Calculate the number of probes required for your implementation given your current network topology

  External probes: The number of pure Internet connections coming into the organization drives the number of dedicated or consolidated boxes required at the network perimeter. The ISP:appliance ratio must remain at 1:1 throughout the organization to ensure protection on all inbound links without introducing a single point of failure. The number of ISPs, in turn, is driven by the organization’s need for network redundancy and resiliency (e.g. failover networks). For consistent protection, the organization must have 1 appliance on each dedicated Internet connection.

  Internal probes: The number of internal networks with confidential, private, or sensitive data on them determines how many internal IDP appliances the organization needs. Here, ratio options exist: multi-segment, multi-Gigabit boxes are available for 1:x deployments, but they have big price tags and may be overkill. Evaluate internal network speed and the number of segments to be protected to decide between large 1:x ratio boxes or smaller “appliance per segment” solutions. Use the number of network segments with sensitive data to drive internal probe deployment.

  [Diagram (external probes): ISP 1 terminates on IDPS 1/UTM 1 and ISP 2 on IDPS 2/UTM 2, both in front of the protected corporate network.]
  [Diagram (internal probes): the protected corporate network sits behind IDPS 1/UTM 1, with a separate IDPS on Segment 1 guarding the segmented network (e.g. R&D).]
  • 11. Determine whether or not IDPS is appropriate for your organization before moving into vendor selection

  The IDP System Appropriateness Assessment Tool will help you:
  1. Conduct an IDPS Necessity Assessment.
  2. Determine whether you are better served by an IDPS or UTM.
  3. Determine whether you should bring IDP in-house or move to managed services.
  4. Calculate the number of probes required for your implementation given your current network setup.

  This tool will help you determine whether or not you should be deploying an IDPS and how many probes you require. Use the probe figure in the IDP System TCO Calculator later in this solution set to more accurately project the cost of your specific implementation.
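  The strategize-phase rules from the slides above (one perimeter appliance per dedicated Internet connection, one internal probe per segment holding sensitive data, and the 5-analyst threshold for in-house 24/7 monitoring) collected into a small planner. This is an added example, not Info-Tech’s Appropriateness Assessment Tool or TCO Calculator; the topology data model, the field names and the sample network are constructed for illustration.

```python
"""Added worked example: encodes the IDPS planning rules stated on the slides.
Not Info-Tech's tool.  Topology format, field names and sample data are
assumptions constructed for illustration."""
from dataclasses import dataclass, field
from typing import Any, Dict, List


@dataclass
class Segment:
    name: str
    sensitive: bool  # carries confidential, private or sensitive data


@dataclass
class Topology:
    isp_links: List[str]  # one entry per dedicated Internet connection
    segments: List[Segment] = field(default_factory=list)


def count_external_probes(topo: Topology) -> int:
    """ISP:appliance ratio stays 1:1 so every inbound link is covered
    without funnelling all links through a single point of failure."""
    return len(topo.isp_links)


def count_internal_probes(topo: Topology) -> int:
    """One internal probe per segment that holds sensitive data."""
    return sum(1 for s in topo.segments if s.sensitive)


def management_model(security_analysts: int, need_instant_response: bool) -> str:
    """Slide 9 rule: without a need for instant response, daily log review
    suffices; with it, 24/7 in-house monitoring only pays off at 5+ analysts."""
    if not need_instant_response:
        return "in-house, daily log review with paging for significant threats"
    if security_analysts >= 5:
        return "in-house 24/7 monitoring"
    return "managed security service provider (MSSP)"


def plan_deployment(topo: Topology, analysts: int,
                    need_instant_response: bool) -> Dict[str, Any]:
    """Combine the probe counts and the staffing decision into one plan."""
    external = count_external_probes(topo)
    internal = count_internal_probes(topo)
    return {
        "external_probes": external,
        "internal_probes": internal,
        "total_probes": external + internal,  # feed this into the TCO estimate
        "internal_segments": [s.name for s in topo.segments if s.sensitive],
        "management": management_model(analysts, need_instant_response),
    }


# Constructed sample: two ISPs for failover, three segments of which two hold
# sensitive data, and a three-person security team needing instant response.
SAMPLE = Topology(
    isp_links=["ISP 1", "ISP 2"],
    segments=[Segment("R&D", True), Segment("Finance", True),
              Segment("Guest Wi-Fi", False)],
)

if __name__ == "__main__":
    for key, value in plan_deployment(SAMPLE, analysts=3,
                                      need_instant_response=True).items():
        print(f"{key}: {value}")
```

  The sample topology yields four probes (two perimeter, two internal) and, with only three analysts, points at an MSSP; change the analyst count to five and the same topology is recommended for in-house 24/7 monitoring.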
  • 15. IDPS Criteria & Weighting Factors

  Vendor Evaluation
  Strategy: Vendor is committed to the space and has a future product and portfolio roadmap.
  Viability: Vendor is profitable, knowledgeable, and will be around for the long term.
  Support: Vendor offers implementation and ongoing management support.

  Product Evaluation
  Affordability: The five-year TCO of the solution is economical.
  Features: The solution provides basic and advanced feature/functionality.
  Usability: The solution’s dashboard and reporting tools are intuitive and easy to use.
  • 16. The Info-Tech IDPS Vendor Landscape

  For a complete description of Info-Tech’s Vendor Landscape methodology, see the Appendix.

  Champions receive high scores for most evaluation criteria and offer excellent value. They have a strong market presence and are usually the trend setters for the industry.

  Competitors strike a strong balance between product and vendor attributes. They have the potential to become future industry leaders if they address the missing links in their offerings.

  Emerging players are newer vendors who are starting to gain a foothold in the marketplace. They balance product and vendor attributes, though they score lower relative to market Champions.

  Innovators have demonstrated innovative product strengths that act as their competitive advantage in appealing to niche segments of the market.

  Industry standard vendors are established players with very strong vendor credentials, but with more average product scores.
  • 17. Every vendor has its strengths & weaknesses; pick the one that works best for you

  [Scorecard: Harvey Ball scores for McAfee, HP, Cisco, IBM, Juniper, Top Layer, Sourcefire, Radware and Check Point across the product criteria (Features, Usability, Affordability) and the vendor criteria (Viability, Strategy, Support). The ball values are not recoverable from the text.]

  Note: “Harvey Ball” scores are produced by normalizing weighted, raw scores for each category, resulting in relative scores for each category. For example, an empty circle does not indicate a zero score; it indicates the lowest score in that category relative to other products. Likewise, a solid circle does not indicate a perfect score, but rather the highest score in that category relative to the other products.
  • 20. HP focuses heavily on the enterprise market, hurting its strategy score; there is better value elsewhere based on price

  HP achieved a slightly above average Composite Performance Index score in all categories except for Strategy, where its score was well below the average.

  HP’s mediocre scores across most categories are a result of the high price of the solution and its low usability score. Its strategy score is below average because HP is more focused on the enterprise space rather than the small to medium enterprise, as evidenced by the progression to more favorable pricing as appliance throughput moves upstream.

  [Vendor listing chart: Advanced Features (DoS Protection, Inherent Firewall, Reputation Based Scanning, Virtual Signatures, Virtual Infrastructure Protection, Application Specific Scanning, Encrypted Traffic Scanning, Redundancy, User Based Signatures) and Support Delivery and Reach (North America, APAC, EMEA). Which boxes are checked is not recoverable from the text; the same chart appears on each vendor slide.]

  Bonus: DVLabs Research employs 30+ research professionals and provided the first patch to 14 critical and 47 high risk vulnerabilities in 2010, more than 5x that of competing vendors.
  • 22. Cisco offers a huge amount of features at the most affordable price point, making it the best value play in the space

  Cisco achieved the highest Composite Performance Index scores in all categories except for Strategy, where its score was still above the average.

  Cisco’s high across-the-board scores are the result of its solution having the lowest price of all evaluated products while having above average scores in all other categories. Its strategy score is limited, though still above average, due to its primary focus on consolidated rather than dedicated solutions.

  Bonus: Maintains 700,000 sensors globally to feed its Global Correlation program, boosting efficacy and driving reputation scores that are pushed out to all devices on the network.
  • 24. McAfee offers the most impressive feature list, but is priced at a hefty premium to the market, destroying value per dollar

  McAfee achieved low Composite Performance Index scores in all categories due to its exceptionally high price point.

  McAfee’s high price point negatively impacted its composite performance despite the breadth of its features and the strength of the product on the whole. Its viability score was especially low due to the uncertainty surrounding the IntruShield offering following the Intel acquisition.

  Bonus: The McAfee IntruShield appliance lineup offers integrated VoIP protection to specifically protect against threats using this increasingly common communications mechanism.
  • 26. IBM offers average functionality but is backed by a strong corporate brand & large support network

  IBM achieved a slightly above average overall Composite Performance Index score, with good specific results in support and viability but poor results in strategy and usability.

  As the largest and most stable vendor in this survey, IBM’s high viability score is to be expected. The company’s usability score was negatively impacted by a complex management system, while its strategy score was heavily impacted by the firm’s focus on the enterprise market.

  Bonus: As Data Leakage Protection becomes an ever more prevalent technology, it is finding its way into many other security solutions; IBM is the first to integrate DLP capability into its IDPS sensors.
  • 28. Juniper is the only vendor in the landscape offering ‘honeypot’ capabilities, and is priced well relative to its peers

  Juniper achieved a high Composite Performance Index score in all categories except for Strategy, where its score was below average.

  Juniper’s high across-the-board scores are the result of its solution having one of the lowest price points in the group while providing more features than other, similarly priced vendors. Its strategy score is below average due to its focus on the enterprise space with its IDPS solution; the firm carries a UTM solution geared much better towards the SME.

  Bonus: Juniper’s IDP series of appliances uniquely offers ‘honeypot’ capabilities to track and confound illicit reconnaissance efforts.
  • 30. Sourcefire focuses heavily on IDP & benefits from the large open-source community behind Snort

  Sourcefire recorded one of the higher Composite Performance Index scores due to the combination of generally positive criteria scores and overall attractive pricing.

  Sourcefire was regarded as having the highest CPI score for strategy as a result of its IDP-only focus and attractiveness to the SME space. As with the other smaller vendors in the study, viability is impacted when compared with multi-hundred-billion-dollar companies.

  Bonus: As the commercial offering from the developers of Snort, the world’s most commonly deployed IDP solution, Sourcefire can draw on that massive community user base for signature development.
  • 32. Check Point performs poorly on a CPI basis due to a lofty price point & minimal functionality, resulting in poor value

  Check Point achieved a low Composite Performance Index as a result of the second highest price in this study, compared against generally modest results in most categories.

  Check Point achieved its best results in usability (due to a very clean management interface) and strategy (due to its focus). Its advanced feature set was deemed one of the weakest in the comparison, resulting in the low CPI for that criterion.

  Bonus: Though not a metric in this evaluation, Check Point has recently been reviewed favorably on performance and throughput capabilities by NSS Labs, an independent testing house.
  • 34. Top Layer offers an IPS-only, SME-focused product with a free appliance option, but its recent takeover hurts viability

  Top Layer offers a reasonably competitive product at a slightly above average price, resulting in a lower overall Composite Performance Index result. This may be mitigated, however, by Top Layer’s innovative free appliance approach.

  Top Layer’s focus on the IDP market, and on the SME client, earns it solid Strategy marks; however, its just-announced acquisition by UK-based Corero, as the flagship of that company’s new (and still being defined) security division, significantly impacts its viability scores.

  Bonus: Top Layer’s TopMSS managed services offering allows enterprises to invest in technology and the management of that technology from a single provider.
  • 36. Radware carries a high initial investment cost on its appliances & involves using an extremely complex management interface

  Radware’s overall Composite Performance Index score was radically impacted by the high initial costs of its appliances, compared against mostly mediocre scores in all categories.

  Radware’s best results came in strategy due to its strict focus on the IDPS space. Its worst results, usability and viability, are attributable first to a complex and confusing interface, and second to being a very small company in the presence of much larger competition.

  Bonus: The ERT provides instantaneous, expert security assistance in order to restore network and service operational status when a client is under DDoS attack or malware outbreak.
  • 37. Not all vendors are created equal; pick the right one for your case

  Effectiveness is highly vendor dependent. The Composite Performance Index is a measure of value for dollar, but certain specific criteria may be driving your needs. The table below provides some insight into which vendors Info-Tech recommends, based on specific needs.

  I want… / Info-Tech Recommends
  The best value for my dollar: Cisco, Juniper
  The greatest feature set: HP, McAfee
  The most up-to-date signatures at all times: HP, IBM
  A vendor that is focused on the small enterprise: Radware, Sourcefire, Top Layer, Check Point
  The ability to scale up cheaply as I grow: Radware
  Full redundancy: HP, Top Layer
  Inherent firewall: Radware, McAfee, Top Layer
  • 43. Start with nearline monitoring, but move to inline blocking as probe performance is optimized

  Info-Tech Insight: Getting the throughput specifications right for the appliance should be a prime focus point. A small box becomes a network bottleneck; a large box requires significantly more capital.

  A nearline deployment provides IT with a chance to monitor the default rules setup of the appliance and assess throughput capacity without materially impacting the network. Start with a nearline deployment and only move to inline when you are sure the appliance will not become a bottleneck on the network.

  In terms of tuning the rules of the box, trial and error is the generally used method. Start by turning on the baseline rules, and tweak both rules and thresholds until the appliance performs at an acceptable rate. Once the appliance is performing satisfactorily, move it inline and implement blocking.
  • 44. Use a pilot group & monitor actively during the initial tuning phase; IPS requires constant attention to be effective

  Info-Tech Insight: The initial configuration of an IDPS appliance is extremely important to the optimal functioning of the solution, but the effort must be maintained throughout the system’s lifetime to remain effective. Understand that IPS is not an idle technology: monitoring reports and logs is the only way to configure an IPS solution to optimal block rates.

  1. Monitor Daily: The goal with monitoring is to develop an idea of what baseline figures and activities look like, making it easier to spot anomalies in the future.
  2. Review Logs: After a few days of running the solution, open up the event logs and begin to understand what is happening. Check that the applications you expect to be running are running, resolve early false positives, and ensure the processes and services are correct.
  3. Begin Tuning: Tuning accurately is a major differentiator between an adequate solution and a great one. At this stage, focus on finding the right thresholds. Increase the risk threshold for processes being logged that shouldn’t be, and do the inverse for those that should.
  4. Create Exceptions: Reducing noise in the management console is the quickest way to reduce the time spent reviewing logs daily. Create exceptions for commonly logged but non-threatening actions, such as running sanctioned scripts, so you can focus on logging and analyzing potential threats.
  5. Configure Reporting: The final step in tuning the appliance is to configure dashboards and reporting to display the most pertinent information. Make displaying trends, query results, and issues the priority, and schedule reports to be sent automatically to the responsible individuals for mitigation.
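  The five tuning steps above, run over a constructed alert log, as an added example. It is neither Info-Tech’s material nor the output of any vendor’s console: the log line format, the signature IDs and names, the hosts, the 0-10 risk scale and the tuning decisions are all assumptions made for illustration. The slide’s advice to raise or lower the logging threshold per process is modelled here as a per-signature risk adjustment measured against one global escalation threshold, and exceptions are scoped to a (signature, source host) pair so that a sanctioned script is only suppressed when it runs from its approved host.

```python
"""Added worked example: baseline, exceptions, threshold tuning and reporting
over a constructed IDPS alert log.  Not Info-Tech's material or any vendor's
output; the log format, signatures, hosts and risk scale are assumptions."""
import re
from collections import Counter
from dataclasses import dataclass, replace
from typing import Dict, List, Set, Tuple

# Constructed sample alerts.  Signature 2000 is a sanctioned backup job whose
# approved source is 10.0.0.12; the third sig 2000 line comes from an
# unapproved host and must stay visible after exceptions are applied.
SAMPLE_LOG = """\
2011-05-02T09:00:01 sig=2000 name="Sanctioned backup script" src=10.0.0.12 dst=10.0.1.5 risk=3
2011-05-02T09:00:07 sig=2000 name="Sanctioned backup script" src=10.0.0.12 dst=10.0.1.6 risk=3
2011-05-02T09:01:15 sig=3100 name="SQL injection attempt" src=203.0.113.7 dst=10.0.1.20 risk=6
2011-05-02T09:02:40 sig=4400 name="ICMP echo sweep" src=198.51.100.9 dst=10.0.1.0 risk=5
2011-05-02T09:03:05 sig=4400 name="ICMP echo sweep" src=198.51.100.9 dst=10.0.2.0 risk=5
2011-05-02T09:04:22 sig=3100 name="SQL injection attempt" src=203.0.113.7 dst=10.0.1.21 risk=6
2011-05-02T09:05:00 sig=2000 name="Sanctioned backup script" src=10.0.0.99 dst=10.0.1.5 risk=3
2011-05-02T09:06:31 sig=5200 name="Outbound connection to known C2" src=10.0.1.20 dst=192.0.2.44 risk=8
"""

# Assumed line layout: timestamp, numeric signature id, quoted signature name,
# source, destination and a risk score on a 0-10 scale.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) sig=(?P<sig>\d+) name="(?P<name>[^"]*)" '
    r'src=(?P<src>\S+) dst=(?P<dst>\S+) risk=(?P<risk>\d+)$'
)


@dataclass(frozen=True)
class Alert:
    ts: str
    sig: int
    name: str
    src: str
    dst: str
    risk: int


def parse_alerts(text: str) -> List[Alert]:
    """Steps 1-2 (monitor, review logs): turn raw lines into records.
    Malformed lines are skipped rather than aborting the whole review."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        alerts.append(Alert(m["ts"], int(m["sig"]), m["name"],
                            m["src"], m["dst"], int(m["risk"])))
    return alerts


def baseline(alerts: List[Alert]) -> Counter:
    """Step 1: what 'normal' looks like, as alert volume per signature."""
    return Counter(a.sig for a in alerts)


def apply_exceptions(alerts: List[Alert],
                     exceptions: Set[Tuple[int, str]]) -> List[Alert]:
    """Step 4: drop (signature, source host) pairs known to be benign.
    Scoping to the host keeps the same signature visible from anywhere else."""
    return [a for a in alerts if (a.sig, a.src) not in exceptions]


def tune_risk(alerts: List[Alert], adjustments: Dict[int, int]) -> List[Alert]:
    """Step 3: raise the risk of signatures that deserve attention and lower
    it for noisy ones, clamped to the assumed 0-10 scale."""
    return [replace(a, risk=max(0, min(10, a.risk + adjustments.get(a.sig, 0))))
            for a in alerts]


def report(alerts: List[Alert], threshold: int) -> Dict[str, object]:
    """Step 5: the figures a dashboard would carry: volume by signature and
    the alerts that cross the escalation threshold."""
    actionable = [a for a in alerts if a.risk >= threshold]
    return {
        "by_signature": dict(Counter(a.name for a in alerts)),
        "actionable": [(a.ts, a.name, a.src, a.dst, a.risk) for a in actionable],
        "actionable_count": len(actionable),
    }


def tuning_cycle(text: str, exceptions: Set[Tuple[int, str]],
                 adjustments: Dict[int, int], threshold: int):
    """One pass through the five steps; returns (baseline, report)."""
    raw = parse_alerts(text)
    kept = tune_risk(apply_exceptions(raw, exceptions), adjustments)
    return baseline(raw), report(kept, threshold)


# Assumed tuning decisions for the sample: suppress the approved backup host,
# promote SQL injection attempts, demote the noisy echo sweep, escalate at 7.
EXCEPTIONS = {(2000, "10.0.0.12")}
ADJUSTMENTS = {3100: +2, 4400: -2}
THRESHOLD = 7

if __name__ == "__main__":
    base, rep = tuning_cycle(SAMPLE_LOG, EXCEPTIONS, ADJUSTMENTS, THRESHOLD)
    print("baseline volume per signature:", dict(base))
    print("actionable after tuning:", rep["actionable_count"])
    for row in rep["actionable"]:
        print("  ", row)
```

  On the sample, the baseline shows the backup script as the loudest signature; after exceptions only the unapproved copy remains, the echo sweep drops below the threshold, and the report escalates three alerts (the two SQL injection attempts and the outbound C2 connection). Re-run the cycle as the exception and adjustment sets grow, since the slide’s point is that tuning is continuous, not a one-off.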
  • 49. Vendor Landscape Methodology

  Info-Tech Research Group Vendor Landscape market evaluations are a part of a larger product selection solution set, referred to as a Select Set.

  The Vendor Landscape evaluation process starts with a customer survey. Customers tell us which vendors and products they’ve heard of and which ones they use, plan to use, or are investigating. From the survey results, and the domain experience of our analysts, a vendor/product shortlist is established. Product briefings are requested from each of these vendors, asking for information on the company, products, technology, customers, partners, sales models, and pricing.

  Our analysts then score each vendor and product across a variety of categories. These scores are then weighted according to weighting factors that our analysts believe represent the weight that an average client should apply to each criterion. The weighted scores are then averaged for each of two high-level categories: vendor score and product score. A plot of these two resulting scores is generated to place vendors in one of five categories: Champion, Competitor, Emerging Player, Innovator, and Industry Standard.

  Analysts take the individual scores for each vendor/product in each evaluation category and normalize them to a scale of zero to four. This produces a relative scoring, where a low score value indicates low performance in that category relative to the performance of the other products in that category, and vice versa for a high score. These normalized scores are represented with Harvey Balls, ranging from an open circle for a score of zero to a filled-in circle for a score of four. Harvey Ball scores do not represent absolute scores, only relative scores.

  Individual scorecards are then sent to the vendors for factual review, and to ensure no information is under embargo. We will make corrections where factual errors exist (e.g. pricing, features, technical specifications). We will consider suggestions concerning benefits, functional quality, value, etc.; however, these suggestions must be validated by feedback from our customers. We do not accept changes that are not corroborated by actual client experience, or wording changes that are purely part of a vendor’s market messaging or positioning. Any resulting changes to final scores are then made as needed, before publishing the results to Info-Tech clients. Vendor Landscapes are refreshed every 12 to 24 months, depending upon the dynamics of each individual market.