What to watch: IDS and IPS features to consider when comparing products
When comparing the Intrusion Detection System or Intrusion Protection System from different vendors these are the functionalities you are most likely to encounter.
Pattern matching: The IDS and IPS should include up-to-date signatures of known threats that compare traffic to those signatures and a facility for keeping the system updated with the most recent threat patterns.
Heuristics and behavior-based analysis: Comparing the nature and behavior of the network traffic to what is expected or what is the norm.
Inbound and outbound SSL inspection: The system will decrypt and inspect encrypted traffic. Review on-board capability versus off-load inspection to a secondary appliance.
User and application network visibility: Perform on board analytics and offer reporting to display which users and which applications are consuming network bandwidth.
Granular application service control: The ability to author and enforce policy rules.
Network access policy based on location and IP/URL reputation: Ability to create a white list of countries it performs business with and block traffic IP addresses know to be bad actors
Network access policy based on web category: The facility to author and enforce your organization’s policies to block employee access to legitimate sites that are deemed inappropriate.
Integration with other vendors’ advanced malware protection solutions: The ability to expose a web services API so that the organization can employ industry standard/open standard web services integration to integrate the various components deployed and operated for cyber security defense
Forensics: Ability to offer a basic packet capture capability to provide necessary evidence to an organization's forensics team when investigating an attack
Data leakage protection: Author and enforce policy that detects and blocks when credit card numbers, social security number and other personal, identifiable information is observed on the network. This capability can be useful when working with auditors who are performing PCI and HIPAA assessments.
Embedded bypass: Ensures that network traffic will continue to flow in the event the appliance fails.
Read our reviews of leading security specialists latest tools:
⇒Cisco offers integration to prevent intrusion attacks from reaching medical devices, old and new
Helpful advice on planning your purchase of IDS and IPS tools:
- How to know if your intrusion detection and prevention solution meets HIPAA compliance rules
- 3 key factors to plan your budget for an intrusion protection system