What IPS/IDS Do You Recommend?

Networking/Security Forums -> Firewalls // Intrusion Detection - External Security

Author: PhiBer    Location: Your MBR    Posted: Fri Apr 15, 2011 6:10 pm    Post subject: What IPS/IDS Do You Recommend?
Just curious (and to get discussion flowing a bit) - can anyone recommend a good IPS/IDS appliance for business use? I know that Snort is fantastic. However, does anyone have an actual appliance that is pre-built that they can recommend?

I know that a lot of the firewall manufacturers have IPS/IDS inherently built-in (or via add-in card), but just wanted to hear if anyone uses any alternatives that they like?



Author: Jafer    Location: UK    Posted: Mon May 09, 2011 1:42 pm    Post subject:
The best IPS appliance out there today is McAfee; this is according to Gartner, who are a huge IT solution researching and testing company. Personally, I have actually played with McAfee Network Security Platform (IPS) and it is actually a fantastic product.

Yes, there is IPS functionality built into UTM firewalls and I have had experience with a few vendors. Fortinet's IPS built into their UTM is very good and granular. I have installed Fortinet for a company using it just for IPS and it works fine.

Other UTMs with IPS to look at are the big boys: Cisco, Juniper and Check Point.

If you are looking for just IPS, then McAfee, Sourcefire, IBM, Juniper and HP are all good solutions.

Author: krugger    Posted: Tue May 10, 2011 1:36 am    Post subject:
Well, before you get an IDS/IPS, do you have anyone to look at and tune it?

Most IDS/IPS deployments are not properly configured and will give you over 95% false positives. If you don't look at your server logs, adding another log-generating tool will not help you much.

Author: Jafer    Location: UK    Posted: Tue May 10, 2011 10:32 am    Post subject:
Very true, krugger. You will need to fine-tune policies for your environment. A good thing with most IPS systems, though, is that they give you a variety of deployment options. McAfee's IPS can be deployed as a sniffer, and this is what they recommended to do initially when I was setting it up.

So first you would implement IPS as a monitoring and alerting device only, so you are able to see what the IPS system is reporting back and would block if it was in blocking mode. From here you can fine-tune, allowing false positives. Once you feel your IPS is performing accurately for your environment, then you can deploy in line with full IPS functionality.
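The monitor-then-tune step described in the two posts above leaves you with an alert log to review before switching to blocking mode. As an added example (not part of the thread or of any vendor's tooling), this Python script parses alerts in Snort's fast alert format and flags signatures whose volume comes mostly from one source host, a heuristic chosen here for picking what to review first. The sample alerts, rule messages, addresses and thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample alerts in Snort "fast" alert format (not from the thread).
SAMPLE_ALERTS = """\
05/10-10:32:01.100000  [**] [1:1000001:1] LOCAL cleartext FTP login [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:40122 -> 10.0.0.9:21
05/10-10:37:01.100000  [**] [1:1000001:1] LOCAL cleartext FTP login [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:40130 -> 10.0.0.9:21
05/10-10:42:01.100000  [**] [1:1000001:1] LOCAL cleartext FTP login [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:40141 -> 10.0.0.9:21
05/10-10:47:01.100000  [**] [1:1000001:1] LOCAL cleartext FTP login [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:40150 -> 10.0.0.9:21
05/10-11:02:44.900000  [**] [1:1000001:1] LOCAL cleartext FTP login [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.77:51002 -> 10.0.0.9:21
05/10-11:15:09.300000  [**] [1:1000002:2] LOCAL admin page access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.20:51515 -> 10.0.0.8:80
05/10-12:40:31.700000  [**] [1:1000002:2] LOCAL admin page access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.21:49152 -> 10.0.0.8:80
"""

# [gid:sid:rev] message ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

def parse_alerts(text):
    """Yield (gid, sid, msg, src, dst) for each line in fast alert format."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:  # silently skip lines that are not alerts
            yield int(m["gid"]), int(m["sid"]), m["msg"], m["src"], m["dst"]

def tuning_candidates(text, min_count=3, min_share=0.75):
    """Rank signatures by volume; mark those dominated by a single source host."""
    by_sig, msgs = defaultdict(Counter), {}
    for gid, sid, msg, src, _dst in parse_alerts(text):
        by_sig[(gid, sid)][src] += 1
        msgs[(gid, sid)] = msg
    report = []
    for (gid, sid), sources in by_sig.items():
        total = sum(sources.values())
        top_src, top_n = sources.most_common(1)[0]
        report.append({
            "gid": gid, "sid": sid, "msg": msgs[(gid, sid)], "total": total,
            "top_src": top_src, "share": round(top_n / total, 2),
            # Hypothetical thresholds: noisy AND concentrated on one host.
            "review": total >= min_count and top_n / total >= min_share,
        })
    return sorted(report, key=lambda r: r["total"], reverse=True)

if __name__ == "__main__":
    for r in tuning_candidates(SAMPLE_ALERTS):
        print(r["sid"], r["total"], r["top_src"], r["share"], r["review"], r["msg"])
```

A flagged signature is only a prompt for an analyst to check that host and rule; it is not a verdict that the alerts are false positives.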

Author: georgec    Posted: Fri Jul 08, 2011 5:37 pm    Post subject:
There are companies providing such services. They have security experts that can perform thorough scans and other tests of your setup.

Author: Burzum    Posted: Tue Sep 25, 2012 1:45 am    Post subject:
As stated above, this is relative to the network environment.

Snort would rather be for the more savvy; however, it's still basic administration, to say the least.

A business network environment can be big or small and you find thorough hardening should be implemented in the network depending on the importance of privacy, the importance of the data flow and content on the stubs.

The first thing, from a professional point of view, before implementing IDS or any other intrusion detection systems would be to determine this and analyze the network.

The first grid in business security is to properly configure the policies and Work Groups inside the local network and to have firewalling.

Consider a physical firewall device for extra security, and again depending on the nature of your environment a software firewall should not always be relied upon.

You might also consider a switch device for more secure routing.

Have you addressed these things first?

Prevention is sometimes more appreciated than to have, and know, you have been fooled and thieved.


All times are GMT + 2 Hours
