
1 Vendor Landscape Plus: Intrusion Detection and Prevention Systems

2 Introduction

Security is a big deal. Regardless of whether or not the business houses sensitive data, malicious intruders on your corporate network disrupt business continuity, and that costs money. Deploying an Intrusion Detection and Prevention System (IDPS) gives the organization an internal patrol that works with other security tools, such as firewalls and anti-malware, to keep malicious traffic out of your network.

This research is designed for:
- CIOs and IT managers who have decided to deploy IDPS but are unfamiliar with the space.
- Organizations looking to increase the security profile of their network.
- Organizations looking for resolutions to internal data breach problems.

This research will help you:
- Understand how IDPS works and what kind of deployment your organization requires.
- Shortlist IDPS vendors and put together an RFP.
- Tune your IDPS to achieve maximum block rates, and ensure you see value from your investment.

Use this research to help you understand and strategize your IDPS deployment, and select the right solution given your budgetary constraints and needs.

Info-Tech Research Group

3 Executive Summary

- In the past, Info-Tech recommended that organizations deploy an Intrusion Detection System to monitor traffic on the corporate network. This has changed: Intrusion Prevention technology has come a long way and is now ready for prime time.
- Network intrusion is costly. Sensitive data being stolen is a problem for the enterprise and, more importantly, for you and your job security as the IT person responsible for security.
- Developing an IDPS strategy involves a number of decision points: understand the appliance options available, how to manage them, and how and where to position them on your network to provide the best coverage.
- Every vendor in the IDPS space offers the same basic Table Stakes. If baseline IDPS functionality is all you require, focus on price; if specific features are driving the need, look to the Vendor Landscape tool and scenario slides.
- The Composite Performance Index (CPI) is a measure of value per dollar, displaying what each vendor offers in terms of features, usability, viability, strategy and support per raw point awarded in the affordability category. This is, essentially, a bang-for-your-buck metric.
- Monitoring daily is a critical aspect of implementing an IDPS. Do it to get an idea of what is being logged regularly, and adjust thresholds accordingly to ensure you only log and analyze potential threats.
- Tuning the box is the most significant contributor to lessening the manpower associated with running it: a tuned box captures and blocks 19% more threats than an untuned box, meaning you're analyzing 19% less of the threats that hit it.

4 Roadmap: Strategize, Select, Evaluate, Implement & Operate

Strategize: decide between intrusion detection and intrusion prevention.
- Though firewalls are supposed to block illicit inbound traffic, they don't always succeed; an IDPS catches the threats the firewall misses.
- Intrusion Detection was declared dead in 2004; the proclamation was early, but Intrusion Prevention has progressed to the point that it is now the standard.
- An IDPS strategy involves several components, a core one of which is the decision between dedicated and consolidated solutions.

5 Network intrusion is costly: if your organization has data-stealing intruders, your job may be at stake

Implement security technology such as an IDPS to protect yourself from what could happen if you're unprotected; nobody wants to be a headline.

TJX, a large American retailer, was hit with a $118 million charge against 2nd quarter earnings in 2007 due to the theft of 45.9 million credit cards via a breach of their wireless network. [1] Implementing an IDPS is an effective way of preventing malicious content from compromising the network and causing this kind of disaster.

86% of organizations are proactively improving security by implementing IPS before an intrusion wreaks havoc. [2]

"IDPS should be implemented as part of an overall security strategy at any organization interested in protecting corporate assets. IT departments must carefully evaluate the right product based on company culture, industry, and network topology." - IT Manager, Financial Services

You never expect your house to burn down, but you buy insurance just in case it does. Similarly, you may not expect to get hacked, but you want some form of protection in place for when you are.

Sources:
1. USA Today, "TJX, Visa reach $40.9M settlement for data breach," November 2007.
2. Info-Tech Research Group, n = 22.

6 Developing an IDPS strategy involves answering a number of questions; answer these four before proceeding

What does an IDPS do? Understand that everything that passes your firewall, anti-malware tools, and other security is free on your network. A firewall is a bouncer; an IDPS is a guard patrolling the bar for strangers and drunkards.

What are my options? IDPS can be deployed as a dedicated box or a consolidated box. Dedicated boxes offer higher performance and lower entry prices. Consolidated boxes offer a better TCO and streamlined management across multiple tools.

How do I manage it? Attacks can happen any time, any day. If you can't afford the security staff to manage and watch the appliance 24/7, managed services can be a more attractive option. Have a large security staff already? Monitor the appliance in-house.

How many probes do I need? For most enterprises, a single sensor at the network perimeter will be sufficient. Internal segments of the network with sensitive data, or firms using multiple ISPs, should consider probes at the entry points to each network.

7 An IDPS sits at the network perimeter and tracks what comes and goes; without it, your borders may be open to strangers

An IDPS sits behind the firewall and the anti-malware protection system, monitoring traffic that has passed through both solutions. In detection mode, an IDPS will alert the network administrator when questionable traffic that has passed the firewall and anti-malware solutions passes through the box. In prevention mode, the box will actually mitigate the threat as soon as it hits the IDPS system.

Organizations without IDPS are not more susceptible to breaches, but will be unaware of what enters and exits their network. Organizations with IDPS are more capable of monitoring what enters and exits their network and can mitigate the impact of any potential threats.

Diagram (with IDPS): Incoming Traffic -> Firewall -> Anti-Malware -> IDPS -> Protected Corporate Network.
Organizations with some security tools in place will catch a portion of malicious traffic as it hits the firewall and anti-malware tools. Make no mistake: some malicious traffic will get past these tools and hit the internal network.

Diagram (without IDPS): Incoming Traffic -> Firewall -> Anti-Malware -> No IDPS -> Open Corporate Network.
Without an IDPS in place, IT will have no record of what threats entered the network, leading to a potential wild goose chase in an effort to track them down.

Info-Tech Insight: 75% of respondents to a recent Info-Tech survey about IDPS stated that their networks had become significantly more secure as a result of their IDPS deployment.

8 A dedicated IDPS solution is a necessity if you need to monitor internal segments of the network: protect that sensitive data!

Consolidated boxes that hold multiple security technologies within a single appliance fit the smaller organization with less of a budget aimed towards IT security. The primary benefit of consolidated boxes is streamlined management tools, but their complexity can make them more expensive than dedicated solutions; if you don't need all the functionality a UTM offers, they can be cost-and-protection overkill.

A dedicated IDPS is a better fit for organizations with other security technology already in place, since throwing out already purchased tools is expensive. If the network currently has security tools, upgrading via a dedicated IDPS box is simpler and more cost effective. Dedicated boxes also have higher throughput capacity and speed, resulting in less interference with network traffic.

Diagram (dedicated): Incoming Traffic -> Firewall -> Anti-Malware -> IDPS -> Protected Corporate Network. An IDPS acts as a dedicated box at the perimeter of your network that works with a firewall and anti-malware solutions to protect the network.

Diagram (consolidated): Incoming Traffic -> UTM (Firewall, Anti-Malware, IDPS in one box) -> Protected Corporate Network. A unified threat management (UTM) system is a consolidated box, housing multiple security tools that protect the network.

Info-Tech Insight: Understand that when deciding between a dedicated box and a consolidated box, you're really looking at deciding between lower initial investment (dedicated) vs. lower TCO (consolidated).

9 If your security team can be staffed on an IDPS 24/7, do it in-house; otherwise go to managed services

In the "good old days" when intrusion prevention was the pre-eminent technology, staffing issues were the 800 lb gorilla. Intrusion detection can generate vast numbers of alerts that must be dealt with, ideally in real time, for its protection capabilities to be realized. Intrusion prevention has mitigated this to a significant degree, to the point that large numbers of dedicated staff may not be required. For optimal protection, 24/7 monitoring of alerts and responses still has value.

If you don't need instant response, you don't need active monitoring. Let the IDPS do its thing, but make sure to review logs daily, and page for significant threats.

5 or more security analysts: Organizations that need the highest levels of responsiveness, and that have 5 or more security analysts on staff, can afford to manage an IDPS on a 24/7 basis in-house at a cost advantage vs. managed services.

Fewer than 5 security analysts: Organizations that need high levels of responsiveness, but that do not have 5 or more security analysts on staff, and therefore cannot actively monitor their IDPS 24/7, will benefit from outsourcing to an MSSP.

What Info-Tech clients are saying: "The IDPS can only be successful if a process is in place to monitor and maintain the system and reports are reviewed on a regular basis." - IT Manager, Education

10 Calculate the number of probes required for your implementation given your current network topology

External probes: The number of pure Internet connections coming into the organization drives the number of dedicated or consolidated boxes required at the network perimeter. The ISP:appliance ratio must remain at 1:1 throughout the organization to ensure protection on all inbound links without introducing a single point of failure. The number of ISPs, in turn, is driven by the organization's need for network redundancy and resiliency (e.g. failover networks). For consistent protection, the organization must have 1 appliance on each dedicated Internet connection.

Internal probes: The number of internal networks with confidential, private, or sensitive data on them determines how many internal IDP appliances the organization needs. Here, ratio options exist: multi-segment, multi-Gigabit boxes are available for 1:x deployments, but they have big price tags and may be overkill. Evaluate internal network speed and the number of segments to be protected to decide between large 1:x ratio boxes or smaller "appliance per segment" solutions. Use the number of network segments with sensitive data to drive internal probe deployment.

Diagram (external): ISP 1 -> IDPS 1/UTM 1 and ISP 2 -> IDPS 2/UTM 2, both feeding the Protected Corporate Network.
Diagram (internal): ISP 1 -> IDPS 1/UTM 1 -> Protected Corporate Network, with an IDPS on Segment 1 in front of a Segmented Network (e.g. R&D).

11 Determine whether or not IDPS is appropriate for your organization before moving into vendor selection

The IDP System Appropriateness Assessment Tool will help you:
1. Conduct an IDPS Necessity Assessment.
2. Determine whether you are better served by an IDPS or a UTM.
3. Determine whether you should bring IDP in-house or move to managed services.
4. Calculate the number of probes required for your implementation given your current network setup.

This tool will help you determine whether or not you should be deploying an IDPS and how many probes you require. Use the probe figure in the IDP System TCO Calculator later in this solution set to more accurately project the cost of your specific implementation.
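The sizing and sourcing rules from slides 8 to 11 (one appliance per Internet link, internal probes driven by sensitive segments with an optional 1:x multi-segment box, dedicated versus consolidated, in-house versus MSSP), as an added Python example that is not the Info-Tech tool's own logic. The field names and the ceil-based 1:x calculation are assumptions made for this example.

```python
# Added example (not the Info-Tech tool): the sizing and sourcing rules of slides 8-11.
# Field names and the ceil-based 1:x calculation are assumptions of this example.
import math
from dataclasses import dataclass

@dataclass
class NetworkProfile:
    isp_links: int                   # dedicated Internet connections
    sensitive_segments: int          # internal segments holding sensitive data
    segments_per_appliance: int = 1  # >1 models a multi-segment "1:x" box
    existing_security_tools: bool = True  # firewall / anti-malware already owned
    security_analysts: int = 0
    needs_instant_response: bool = False

def external_probes(p: NetworkProfile) -> int:
    # Slide 10: ISP:appliance ratio stays 1:1, so every inbound link gets a box.
    if p.isp_links < 1:
        raise ValueError("at least one Internet connection is required")
    return p.isp_links

def internal_probes(p: NetworkProfile) -> int:
    # Slide 10: one probe per sensitive segment, or fewer large 1:x boxes.
    if p.segments_per_appliance < 1:
        raise ValueError("an appliance must cover at least one segment")
    return math.ceil(p.sensitive_segments / p.segments_per_appliance)

def appliance_type(p: NetworkProfile) -> str:
    # Slide 8: dedicated for internal segments or when tools are already owned;
    # a consolidated UTM fits the smaller shop starting from scratch.
    if p.sensitive_segments > 0 or p.existing_security_tools:
        return "dedicated"
    return "consolidated (UTM)"

def management_model(p: NetworkProfile) -> str:
    # Slide 9: 24/7 in-house needs 5+ analysts; otherwise MSSP, or daily log
    # review when instant response is not required.
    if not p.needs_instant_response:
        return "in-house, daily log review"
    if p.security_analysts >= 5:
        return "in-house 24/7"
    return "MSSP"

def assess(p: NetworkProfile) -> dict:
    # Slide 11: the four outputs of the appropriateness assessment together.
    return {"external_probes": external_probes(p),
            "internal_probes": internal_probes(p),
            "appliance_type": appliance_type(p),
            "management": management_model(p)}
```

Call `assess(NetworkProfile(isp_links=2, sensitive_segments=3, security_analysts=6, needs_instant_response=True))` to see the full result for a two-ISP, three-segment shop with a large security team.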

12 Info-Tech helps professionals to: sign up for a free trial membership to get practical solutions for your IT challenges

"Info-Tech helps me to be proactive instead of reactive - a cardinal rule in a stable and leading edge IT environment." - ARCS Commercial Mortgage Co., LP

