Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Tips for navigating the maze of global security regulations."

Download it now to read this article plus other related content.

STEP #5:
Management is a huge issue in product selection. The product you choose must meet your requirements for management, monitoring and forensics capabilities. IPS products vary in their management philosophy, from virtually no continuing management to very high management. Making the wrong choice can lead to catastrophic failure of your IPS deployment. The worst thing you can possibly do is select a "high management" product and put it into a "no management" environment.

IPS management systems are unlike any other application or management system in the network. This difference, and the accompanying complexity, is an important factor, especially if you don't have the luxury of a dedicated IPS/IDS team. Keep in mind who will be responsible for day-to-day management of the IPS, what their level of expertise is, what more they can be expected to learn and how many hours a day you've budgeted for IPS management.

Some of the other factors that will affect your management requirements include:

  • Forensics. Many IPS products also have IDS capabilities, offering intensive logging, IDS signatures in addition to IPS signatures, and packet capture facilities. This type of product is a great addition to any network, but only if you have the appropriate staff and expertise.


  • Network visibility. Because IPSes see so much traffic, they can give managers insight

Requires Free Membership to View

  • into what is happening on the network. IPS management systems that present this information graphically offer great benefits and can highlight problems and trends at a glance.


  • Event alerting and correlation. Security event management (SEM) tools gather and correlate data from multiple sources. Some IPS management systems have SEM capabilities.


  • Performance of the management system. If you plan to keep old data for investigative, trend-matching or regulatory reasons, you should make an effort to estimate the amount of data to help IPS vendors properly size the management system.
In addition to IPS-specific features, the traditional characteristics of any enterprise-class management system should be part of your evaluation criteria. This might include delegated management or role-based management (or both), reporting systems, and scalability to multiple IPS devices.

This was first published in February 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: