Security Forums

What IPS/IDS Do You Recommend?

PhiBer
SF Mod
Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Posted: Fri Apr 15, 2011 6:10 pm    Post subject: What IPS/IDS Do You Recommend?

Just curious (and to get discussion flowing a bit) - can anyone recommend a good IPS/IDS appliance for business use? I know that Snort is fantastic. However, does anyone have an actual appliance that is pre-built that they can recommend?

I know that a lot of the firewall manufacturers have IPS/IDS inherently built-in (or via add-in card), but just wanted to hear if anyone uses any alternatives that they like?

Thanks,

//PhiBer
Jafer
Just Arrived
Joined: 30 Oct 2010
Posts: 0
Location: UK

Posted: Mon May 09, 2011 1:42 pm

The best IPS appliance out there today is McAfee; this is according to Gartner, who are a huge IT solution research and testing company. Personally I have actually played with McAfee Network Security Platform (IPS) and it is actually a fantastic product.

Yes, there is IPS functionality built into UTM firewalls, and I have had experience with a few vendors. Fortinet's IPS built into their UTM is very good and granular. I have installed Fortinet for a company using it just for IPS and it works fine.

Other UTMs with IPS to look at are the big boys: Cisco, Juniper and Check Point.

If you are looking for just IPS then McAfee, Sourcefire, IBM, Juniper and HP are all good solutions.
krugger
SF Mod
Joined: 08 Jun 2006
Posts: 16777209

Posted: Tue May 10, 2011 1:36 am

Well, before you get an IDS/IPS, do you have anyone to look at and tune it?

Most IDS/IPS deployments are not properly configured and will give you over 95% false positives. If you don't look at your server logs, adding another log-generating tool will not help you much.
Jafer
Just Arrived
Joined: 30 Oct 2010
Posts: 0
Location: UK

Posted: Tue May 10, 2011 10:32 am

Very true, krugger. You will need to fine-tune policies for your environment. Although a good thing with most IPS systems is that they give you a variety of deployment options. McAfee's IPS can be deployed as a sniffer, and this is what they recommended to do initially when I was setting it up.

So first you would implement IPS as a monitoring and alerting device only, so you are able to see what the IPS system is reporting back and would block if it was in blocking mode. From here you can fine-tune, allowing false positives. Once you feel your IPS is performing accurately for your environment, then you can deploy in line with full IPS functionality.
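The monitor-first rollout described in the post above can be supported by summarizing the alert log before switching to blocking mode. The following is an added example, not part of the thread: it assumes Snort's "fast" alert output, and the sample alerts, SIDs, addresses and the "dominant volume from very few sources" review heuristic are constructed for illustration.

```python
import re
from collections import defaultdict

# Snort "fast" alert line: ts [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample (local-rule SIDs, documentation addresses, one damaged line).
SAMPLE_ALERTS = """\
05/10-10:32:01.100000  [**] [1:1000002:1] LOCAL SNMP public community [**] [Priority: 2] {UDP} 192.0.2.50:53100 -> 192.0.2.10:161
05/10-10:32:02.100000  [**] [1:1000002:1] LOCAL SNMP public community [**] [Priority: 2] {UDP} 192.0.2.50:53101 -> 192.0.2.11:161
05/10-10:32:03.100000  [**] [1:1000002:1] LOCAL SNMP public community [**] [Priority: 2] {UDP} 192.0.2.50:53102 -> 192.0.2.12:161
05/10-10:32:04.100000  [**] [1:1000002:1] LOCAL SNMP public community [**] [Priority: 2] {UDP} 192.0.2.50:53103 -> 192.0.2.13:161
05/10-10:32:05.100000  [**] [1:1000002:1] LOCAL SNMP public community [**] [Priority: 2] {UDP} 192.0.2.50:53104 -> 192.0.2.14:161
05/10-10:32:06.100000  [**] [1:1000001:1] LOCAL HTTP admin path probe [**] [Priority: 1] {TCP} 198.51.100.7:40112 -> 192.0.2.10:80
05/10-10:32:07.100000  [**] [1:1000001:1] LOCAL HTTP admin path probe [**] [Priority: 1] {TCP} 203.0.113.9:51544 -> 192.0.2.10:80
05/10-10:32:08.100000  [**] [1:1000003:1] LOCAL ICMP large packet [**] [Priority: 3] {ICMP} 192.0.2.60 -> 192.0.2.10
05/10-10:33:00.000000 truncated line
"""

def parse_alerts(text):
    """Return one dict per parseable alert line; damaged lines are skipped."""
    return [m.groupdict() for m in map(ALERT_RE.match, text.splitlines()) if m]

def summarize(alerts):
    """Per-signature volume, share of all alerts and source spread, noisiest first."""
    by_sid = defaultdict(lambda: {"count": 0, "sources": set(), "msg": ""})
    for a in alerts:
        s = by_sid[int(a["sid"])]
        s["count"] += 1
        s["sources"].add(a["src"].rsplit(":", 1)[0])  # drop port if present (IPv4)
        s["msg"] = a["msg"]
    rows = [{"sid": sid, "msg": s["msg"], "count": s["count"],
             "share": s["count"] / len(alerts), "sources": len(s["sources"])}
            for sid, s in by_sid.items()]
    return sorted(rows, key=lambda r: r["count"], reverse=True)

def review_first(rows, share=0.5, max_sources=1):
    """Assumed heuristic: signatures dominating volume from very few hosts."""
    return [r["sid"] for r in rows
            if r["share"] >= share and r["sources"] <= max_sources]

if __name__ == "__main__":
    for row in summarize(parse_alerts(SAMPLE_ALERTS)):
        print(row)
```

A signature returned by `review_first` is a candidate for analyst review (for example a monitoring host polling SNMP), not an automatic suppression.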
georgec
SF Staff
Joined: 15 Nov 2010
Posts: 0

Posted: Fri Jul 08, 2011 5:37 pm

There are companies providing such services. They have security experts that can perform thorough scans and other tests of your setup.
Burzum
Just Arrived
Joined: 25 Sep 2012
Posts: 3

Posted: Tue Sep 25, 2012 1:45 am

As stated above this is relative to the network environment.

Snort would rather be for the more savvy; however, it's still basic administration, to say the least.

A business network environment can be big or small and you find thorough hardening should be implemented in the network depending on the importance of privacy, the importance of the data flow and content on the stubs.

First thing from a professional point of view, before implementing IDS or any other intrusion detection systems, would be to determine this and analyze the network.

The first grid in business security is to properly configure the policies and Work Groups inside the local network and to have firewalling.

Consider a physical firewall device for extra security, and again depending on the nature of your environment a software firewall should not always be relied upon.

You might also consider a switch device for more secure routing.

Have you addressed these things first?

Prevention is sometimes more appreciated than to have and know you have been fooled and thieved.
All times are GMT + 2 Hours