What to watch: IDS and IPS features to consider when comparing products

Intrusion detection and prevention tools carry a range of features from forensics to pattern matching. Here's a look at the most important capabilities to be aware of before buying a new system.
By Ephraim Schwartz
04:47 PM

When comparing the Intrusion Detection System or Intrusion Protection System offerings from different vendors, these are the functionalities you are most likely to encounter.

Pattern matching: The IDS and IPS should include up-to-date signatures of known threats, compare traffic against those signatures, and provide a facility for keeping the system updated with the most recent threat patterns.

Heuristics and behavior-based analysis: Comparing the nature and behavior of the network traffic to what is expected or what is the norm.

Inbound and outbound SSL inspection: The system will decrypt and inspect encrypted traffic. Review on-board capability versus off-load inspection to a secondary appliance.

User and application network visibility: Perform on-board analytics and offer reporting to display which users and which applications are consuming network bandwidth.

Granular application service control: The ability to author and enforce policy rules.

Network access policy based on location and IP/URL reputation: Ability to create a white list of countries the organization does business with and to block traffic from IP addresses known to be bad actors.

Network access policy based on web category: The facility to author and enforce your organization’s policies to block employee access to legitimate sites that are deemed inappropriate.

Integration with other vendors’ advanced malware protection solutions: The ability to expose a web services API so that the organization can use industry-standard or open-standard web services integration to connect the various components it deploys and operates for cyber security defense.

Forensics: Ability to offer a basic packet capture capability that provides the necessary evidence to an organization's forensics team when investigating an attack.

Data leakage protection: Author and enforce policy that detects and blocks traffic when credit card numbers, social security numbers and other personally identifiable information are observed on the network. This capability can be useful when working with auditors who are performing PCI and HIPAA assessments.
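As an added illustration of the data leakage protection capability (example code written for this page, not code from the article or any vendor product): a minimal inspector that flags payment card numbers and US Social Security numbers in constructed sample payloads, applying a Luhn checksum so that random digit runs of the right length are not blocked as false positives.

```python
import re

# Candidate payment card number: 13-16 digits, optionally separated by
# spaces or dashes, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,16}(?!\d)")
# US SSN in the dashed form, excluding never-issued area/group/serial values.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: true for well-formed card numbers, false for most
    arbitrary digit strings, which keeps the policy from blocking order IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Return normalized (separator-free) card numbers that pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_valid(digits):
            hits.append(digits)
    return hits

def inspect_payload(payload: str) -> dict:
    """Policy decision for one observed payload: block if any PII pattern hits."""
    cards = find_card_numbers(payload)
    ssns = SSN_RE.findall(payload)
    return {"action": "block" if cards or ssns else "allow",
            "cards": cards, "ssns": ssns}

# Constructed sample payloads (not real data); the card numbers are the
# well-known Visa test number and a one-digit variation that fails Luhn.
SAMPLE_PAYLOADS = [
    "name=alice&card=4111 1111 1111 1111&exp=12/29",
    "ticket=INV-20240101&note=call back tomorrow",
    "patient_ssn=123-45-6789&dob=1970-01-01",
    "tracking=4111111111111112",
]

if __name__ == "__main__":
    for p in SAMPLE_PAYLOADS:
        print(inspect_payload(p)["action"], "<-", p)
```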

Embedded bypass: Ensures that network traffic will continue to flow in the event the appliance fails.

Read our reviews of leading security specialists' latest tools:

Cisco offers integration to prevent intrusion attacks from reaching medical devices, old and new

Fortinet provides multi-threat protection through a single device integrated network

IBM Security offers a threat protection solution using both hardware and software integration

Juniper Networks uses static and dynamic inspection to manipulate files to detect malware

Damballa Failsafe looks for patterns of suspicious activity with machine learning

Symantec Endpoint Protection shields devices using reputation technology to identify threats

Helpful advice on planning your purchase of IDS and IPS tools: 
