1. Info-Tech Research Group1 Info-Tech Research Group, Inc. Is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2013 Info-Tech Research Group Inc. Select and Implement Intrusion Detection and Prevention Systems Reduce risks to critical systems and data with IDPS-enabled visibility and responsiveness. Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.© 1997 - 2013 Info-Tech Research Group

2. Info-Tech Research Group2 Today’s threat landscape means you can’t keep your head stuck in the sand forever. An intrusion detection and prevention system (IDPS) provides an essential layer of visibility into your network. Introduction IT or security managers looking to add an additional layer of visibility to their current security portfolio. Organizations who have experienced a breach and need to address the holes in their network. Organizations with compliance requirements where IDPS is necessary. Understanding the costs and options for IDPS implementations. Design the correct IDPS architecture. Select the most appropriate IDPS solution. Avoid implementation pitfalls. Plan for effective system operations and management. This Research Is Designed For:This Research Will Help You:

3. Info-Tech Research Group3 Executive Summary Know your requirements Understand the product landscape Prepare to respond Having an up-to-date network architecture diagram is key to understanding where IDPS will potentially be placed. Do you have any PCI zones? Any databases with sensitive information that require extra protection? Knowing what you can devote in terms of resources for implementation and for the ongoing monitoring of the solution is also important towards what kind of IDPS is appropriate, and if managed services is an option to evaluate. Use the Info-Tech Vendor Landscape: Intrusion Detection and Prevention Systems to review the leaders in the space, and what they can offer in terms of advanced features that matter specifically to your organization.Vendor Landscape: Intrusion Detection and Prevention Systems Prepare for a comprehensive evaluation of products and vendors with an Request for Proposal (RFP) template and Vendor Demo script to ensure the right answers to your questions are obtained. Have a plan in place for implementation, and know that rules configuration should be initiated after you’ve taken the time to understand your environment – by setting the IDPS in “detect” mode only at first. Create an incident response team so your team knows what to look for in order to predict incidents and the proper parties are involved when an incident occurs. Develop your incident containment strategy, and a tracking system so that your team can measure improvement (i.e. as the process is streamlined, it requires less time/resources to contain a threat).

4. Info-Tech Research Group4 Prepare to be hacked (if it hasn’t already happened) The reality is that organizations’ lack of visibility increases the likelihood that they have been hacked – or are currently being hacked and they don’t even know about it. Threats are evolving everyday, and are unforeseeable and diverse. Protecting information has become less about technology and more about contributing to sustainability of your organization as a whole. IDPS – along with other security tools – can increase that visibility to give you an advantage over the threats; but know that while there is no silver bullet to perfectly protect you, it’s better to have something than nothing at all. 42% increase in targeted attacks in 2012 5,291 new vulnerabilities discovered in 2012 14 zero-day vulnerabilities Threats are increasing by 125,000 a day 91% of organizations have experienced at least one threat in 2011 50% of businesses see cyber threats as a critical risk to their organization 35% have experienced a data loss in 2011 The current threat context “I won’t do anything without it (IPS). If you can’t see what’s happening, then the odds are it’s already happened. Anyone that’s going to put themselves out on the Internet, you’re going to be attacked. You might as well accept that fact and put (IPS) in. If you think you’re ahead of the game, you’re not. What I try to do is make myself a harder target than you.” – Todd Hatcher, Infrastructure Manager, Tarrant Regional Water District “We feel IPS (intrusion prevention system ) is definitely a value add component of our security architecture, but it is just one layer.” – Robert Pierce, Carolinas HealthCare System

5. Info-Tech Research Group5 Security: the top driver behind IDPS implementation Source: Info-Tech Research Group; N=54 Enterprises are primarily driven by improving security when looking at key drivers behind IDPS implementation – and not necessarily because they’ve had to deal with a previous issue. o IDPS is seen as a proactive move for enterprises, a welcome change of pace for most security tool implementations. But in order to improve security, prevention mode obviously takes the lead over detection mode because it actively blocks attacks rather than just alerting organizations to incidents. Detection could be a minimum requirement of the tool if the organization is just looking to meet compliance regulations – but ultimately prevention mode provides the most benefits overall.

6. Info-Tech Research Group6 Intrusion Detection and Prevention: Day 1 Module 1: Gather & align requirements for IDPS Collect architectural requirements for IDPS Module 2: Capture costs and benefits of IDPS Understand benefits of various deployment options Determine costs of implementation Collect organizational requirements Calculate the TCO/ROI of an IDPS implementation with the IDPS Financial Calculator Conduct current state assessment with the IDPS Appropriateness Assessment Tool

7. Info-Tech Research Group7 Intrusion Detection and Prevention: Day 2 Module 4: Prepare for IDPS implementation and operations Create an incident response team Determine your containment strategy Maintain information in the IDPS Business Case and Operations Plan Module 3: Evaluate IDPS solutions and vendor selection Determine key advanced features that meet your requirements with the IDPS Vendor Shortlist and Detailed Feature Tool Understand the IDPS product landscape Prepare for evaluation with a Vendor Demo Script and RFP Template Determine your deployment method

8. Info-Tech Research Group8 Two day schedule and deliverables ScheduleNameGoal List of Deliverables Day 1 Morning Day 1 Afternoon Collect organizational requirements Collect architectural requirements Conduct current state assessment with IDPS Appropriateness Assessment Tool Analyze the types of security events that affect your organization. Understand what kind of resources, if any, your organization can dedicate to this type of project. Understand where IDPS will be located within your network architecture. Determine whether an IDPS implementation is appropriate for your organization’s requirements. Security Event Analysis Tool IDPS Business Case & Operations Plan IDPS Appropriateness Assessment Tool Understand benefits of various deployment options Determine costs of implementation Develop a financial analysis of an IDPS implementation Be aware that standalone IDPS is not the only option available to enterprises. Prepare for what implementation may cost by deciding how many sensors will be required on your network architecture. Calculate the Total Cost of Ownership (TCO) and the Return on Investment (ROI) of an IDPS implementation. IDPS Financial Calculator Day 1

9. Info-Tech Research Group9 Two day schedule and deliverables ScheduleNameGoal List of Deliverables Day 2 Morning Day 2 Afternoon Understand the IDPS product landscape Determine key advanced features to meet your organization’s requirements Prepare to evaluate potential vendors Understand what products best meet your organization’s requirements. Prepare proper documentation, such as an RFP, as well as a vendor demo script to comprehensively evaluate your shortlist of chosen vendors. IDPS Vendor Landscape IDPS Vendor Shortlist and Detailed Feature Analysis Tool IDPS RFP Template IDPS Vendor Demo Script Determine your deployment method Create incident response team Determine your containment strategy Maintain information in central document Understand inline monitoring and initial tuning. Determine key players whose responsibility is to respond to incidents when they occur. Identify how your organization will contain with incidents. Begin proactively recording and updating all IDPS-related information in a central document (for auditing purposes, annual reviews, etc.). IDPS Business Case and Operations Plan Day 2

10. Info-Tech Research Group10 An IDPS sits at your network perimeter and tracks what comes and goes; without it, your borders may be open to strangers. Understand what IDPS can do for you Understand that everything that passes your firewall, anti-malware tools, and other security is free on your network. A firewall is a bouncer, an IDPS is a guard patrolling the bar for strangers and drunkards. Organizations without IDPS are not more susceptible to breaches, but will be unaware of what enters and exits their network. Organizations with IDPS are more capable of monitoring what enters and exits their network and can mitigate the impact of any potential threats. Open Corporate Network Incoming Traffic Firewall Anti-Malware No IDPS Firewall Anti-Malware IDPS Protected Corporate Network Incoming Traffic An IDPS sits behind the firewall and the anti-malware protection system, monitoring traffic passing through both solutions. In detection mode, an IDPS will alert the network administrator when questionable traffic that has passed the firewall and anti-malware solutions passes through the box. In prevention mode, the box will mitigate the threat as soon as it hits the IDPS system. Organizations with some security tools in place will catch a portion of malicious traffic as it hits the firewall and anti-malware tools. Make no mistake, some malicious traffic will get past these tools and hit the internal network. Without an IDPS in place, IT will have no record of what threats entered the network, leading to a potential wild goose chase in an effort to track them down.

11. Info-Tech Research Group11 How to use this blueprint We recommend that you supplement the Best Practices Blueprint with a Guided Implementation. For most Info-Tech members, these Guided Implementations are included in your membership plan.* Our expert analysts will provide telephone assistance to you and your team at key project milestones to review your materials, answer your questions, and explain our methodology. Info-Tech Research Group’s expert analysts will come onsite to help you work through our project methodology in a 2-5 day project accelerator workshop. We take you through every phase of the project and ensure that you have a road map in place to complete your project successfully. In some cases, we can even complete the project while we are onsite. Do-It-Yourself Implementation Use this Best Practice Blueprint to help you complete your project. The slides in this Blueprint will walk you step-by-step through every phase of your project with supporting tools and templates ready for you to use. Project Accelerator Workshop You can also use this Best Practice Blueprint to facilitate your own project accelerator workshop within your organization using the workshop slides and facilitation instructions provided in the Appendix. Book your workshop now by emailing: WorkshopBooking@InfoTech.com WorkshopBooking@InfoTech.com Best Practice Blueprint Free Guided ImplementationOnsiteWorkshops * Gold and Silver level subscribers only Or calling: 1-888-670-8889 Ext. 3001 There are multiple ways you can use this Info-Tech Best Practice Blueprint in your organization. Choose the option that best fits your needs:

12. Info-Tech Research Group12 Info-Tech Research Group Helps IT Professionals To: Sign up for free trial membership to get practical solutions for your IT challenges www.infotech.com Quickly get up to speed with new technologies Make the right technology purchasing decisions – fast Deliver critical IT projects, on time and within budget Manage business expectations Justify IT spending and prove the value of IT Train IT staff and effectively manage an IT department “Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment. - ARCS Commercial Mortgage Co., LP Toll Free: 1-888-670-8889