Intrusion attempts occur at a staggering rate, and few organizations have enough manpower to investigate all of the attacks. How do you keep everyone, from malicious hackers to incompetent employees, from harming your network? How do you stay focused on real threats? This session assesses the current product landscape in the intrusion detection, prevention and active defense market. Scott Sidel, a technical editor for Information Security magazine, covers the role IDS plays in a security architecture and offers tips for increasing "signals" (true positives) and reducing "noise" (false positives). He helps you determine the pros and cons of going inline with active defense and profiles the types of organizations that can most benefit from a positive security model. Sidel looks at the types of products that are truly effective and arms you with the best ways to improve your staff's ability to analyze threats.
- The (real) value proposition for IDS/IPS
- Where IDS/IPS works best in your network
- What you should (and should not) expect when deploying IDS/IPS
- What comprises a solid IDS/IPS program
- How to avoid common IDS/IPS mistakes
This was first published in October 2005.