IDS and IPS Buyers Guide: 3 key factors to plan your budget for an intrusion protection system

Align your architecture and deployment to work within your budget while keeping in mind your annual costs of maintaining the system.
By Ephraim Schwartz
08:05 AM
Share
IDS and IPS Buyers Guide

Jeff Pollard, principal analyst at Forrester Research, provided Healthcare IT News with the following guidelines to follow in building your budget for an intrusion detection and protection system.

1. Form factors must match ongoing business initiatives. If the organization is adopting a services model with heavy investments and future plans in the cloud then an appliance based on-premise approach to IDS and IPS is not appropriate. A SaaS or Cloud-based solution is more appropriate.

2. Align your architecture and deployment you’re your purchasing decision. Is your organization centralized or decentralize? If your infrastructure is centralized, a low quantity of large appliances might be necessary. If decentralized, then a high number of smaller appliances could be necessary. In many situations, a larger number of mid-range devices will lead to a far higher cost than a small quantity of high-end devices.

3. Consider the budgetary impact of a capital expenditure versus an ongoing operational expense. Services have the advantage of being flexible and scalable benefitting from horizontal and vertical elasticity as the organization grows. Products have more limiting constraints with amortization schedules often lasting 5 years or more.

IDS and IPS features to compare:

As you compare an Intrusion Detection System or Intrusion Protection System from different vendors, these are the technologies you will encounter. * Pattern Matching: The IDS and IPS should include up-to-date signatures of known threats that compare traffic to those signatures and a facility for keeping the system updated with the most recent threat patterns.

* Heuristics and behavior-based analysis: Comparing the nature and behavior of the network traffic to what is expected or what is the norm.

* Inbound and Outbound SSL Inspection: The system will decrypt and inspect encrypted traffic. Review on-board capability versus off-load inspection to a secondary appliance.

* User and application network visibility. Perform on board analytics and offer reporting to display which users and which applications are consuming network bandwidth.

* Granular application service control: The ability to author and enforce policy rules.

* Network access policy based on location and IP/URL Reputation: Ability to create a white list of countries it performs business with and block traffic IP addresses know to be bad actors.

* Network access policy based on Web category: The facility to author and enforce your organization’s policies to block employee access to legitimate sites that are deemed inappropriate.

* Integration with other vendors’ Advanced Malware Protection solutions: The ability to expose a web services API so that the organization can employ industry standard/open standard web services integration to integrate the various components deployed and operated for cyber security defense.

* Forensics: Ability to offer a basic packet capture capability to provide the necessary evidence to an organization's forensics team when investigating an attack.

* Data Leakage Protection: Author and enforce policies that detect and block when credit card numbers, social security number and other personal identifiable information is observed on the network. This capability can be useful when working with auditors who are performing PCI and HIPAA assessments.

* Embedded Bypass: Ensures that network traffic will continue to flow in the event the appliance fails.

Read our reviews of leading security specialists latest tools: 

⇒Cisco offers integration to prevent intrusion attacks from reaching medical devices, old and new

Fortinet provides multi-threat protection through a single device integrated network

IBM Security offers a threat protection solution using both hardware and software integration

Juniper Networks uses static and dynamic inspection to manipulate files to detect malware

Damballa Failsafe looks for patterns of suspicious activity with machine learning

Symantec Endpoint Protection shields devices using reputation technology to identify threats

Helpful advice on planning your purchase of IDS and IPS tools: