IPS Implementaion

I was wondering if anyone knows of any
documents/papers/book/suggestions on the proper way to implement an
IPS in a large environment. We had a vendor install the IPS units,
and they were supposed to tune the signatures and apply filters,
however there is still a lot of work to be done. I have been tasked
with putting a plan together to get these units to begin automatic
blocking instead of currently only watching traffic, but unfortunately
I only have experience using Snort in a small environment without a
lot of abnormal traffic. All the books I've been able to find online
are either out of date or inadequate. Any help would be greatly


Chris Moore

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.