New White Paper on Selecting an IPS

I wrote an Opus One white paper on how to select a Network-based IPS which is now available:

http://www.juniper.net/solutions/literature/white_papers/select_ips.pdf

Juniper is hosting the white paper and did the layout & graphics, although there is no Juniper-specific content in the paper (and Juniper didn't have editorial control). It discusses signature-based IPS, rate-based IPS, and NBAD-ish IPS as options. Because most of the products out there are signature-based (and because of space constraints), I mostly concentrate on signature-based IPS.

The goal of the white paper is to lay out a methodology for deciding what kind of IPS (if any) is right for your network, and then giving a series of steps to go through to decide what type of IPS is the right one for your network.

Here's the first paragraph:

Executive Summary: Network Intrusion Prevention Systems (IPS) can
be extremely effective pieces of your overall network security strategy.
However, the IPS marketplace is filled with products that all do very different
things and are suitable for very different environments. Therefore, buyers
beware, because simply throwing any IPS into the network without careful
consideration can be a costly error, both in terms of capital outlay and
operational provisions.

jms


--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
jms@xxxxxxxxx http://www.opus1.com/jms

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------

Relevant Pages

  • Re: New White Paper on Selecting an IPS
    ... Juniper is hosting the white paper and did the layout & graphics, ... It discusses signature-based IPS, rate-based IPS, and NBAD-ish IPS as ... go through to decide what type of IPS is the right one for your network. ...
    (Focus-IDS)
  • Re: IPS, alternative solutions
    ... I have the impression that some of the alternatives to IPS you mentioned ... Parts of the market have matured (network ... implementations (in-line protocol decoding and blocking/active response ... an often deployed technology at this time is ...
    (Focus-IDS)
  • RE: ASIC Based IPS
    ... IPS performs on each network stream can be done in parallel, ... There are 2 ways to achieve parallelism: ... The benefits of speed come about when you start using ASICs in parallel ...
    (Focus-IDS)
  • NADS ( was RE: IPS comparison)
    ... One thing that does bother me is how IPS has been ... great at the perimeter or other "choke points" in the network. ... NADS gives much of the value of traditional network ... that detection by itself is just not enough. ...
    (Focus-IDS)
  • RE: Network hardware IPS
    ... Subject: Network hardware IPS ... > Intrusion Prevention and Traffic Shaping Technology to: ...
    (Focus-IDS)