This article can also be found in the Premium Editorial Download "Information Security magazine: Tips for navigating the maze of global security regulations."
Ask yourself this question before looking at products, before talking to vendors and certainly before deciding whether you even need more security. Start with an IPS needs statement--a single paragraph. Understanding why you're adding intrusion prevention and what you're looking for in an IPS is so critical that its importance is difficult to overemphasize. Only then can you ask yourself about security and coverage, performance, management and form factor.
There are many good reasons to add IPS, including:
- Extra protection at the perimeter or at the core, employing signature-based technology to block malware.
- DoS mitigation to protect a server farm and ensure availability.
- Compliance with regulatory requirements.
- IDS-like alerting and forensics to help you get a better handle on what kinds of threats are hitting your network.
It would be easier if you could simply reduce this list of implementation reasons and goals into a feature checklist--something you could throw into an RFP and pick the vendor that can check all the right boxes. That's impossible, not so much because the features
This was first published in February 2007