In that case, I would suggest deploying an IDS with the ability to monitor each of your network segments. Resources...
permitting, it's a good idea to have the ability to see into each of your zones. This will allow you to monitor traffic that passes between devices within the same zone and never reaches the firewall. Depending upon your data center architecture, it may even be possible to use a SPAN port to provide traffic from more than one zone to the same IDS sensor or network interface card (NIC).
Also consider deploying some intrusion prevention system (IPS) functionality. For more information, read my recent tip entitled "Network intrusion prevention systems: Should enterprises deploy now?".
- Best practices for creating an IDS and maintaining a signature database with Mike Chapple.
- Is it possible to write an IDS using Java? Read more.
Related Q&A from Mike Chapple
The updated HITRUST Common Security Framework allows organizations to manage privacy, security and compliance with one framework. Here's how it works...continue reading
A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits.continue reading
A data breach warranty may seem like a tempting way to survive a costly attack, but it may not be all it's hyped up to be. Expert Mike Chapple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.