What are the Essential Characteristics of an IPS?
- In-line Operation - Only by operating in-line can an IPS device perform
true protection and block attacks or rate-shape traffic.
- High Availability - As an in-line device, resilience
to adverse network conditions is paramount. Features such as dual power
supplies, Active-Active stateful network redundancy, and L2-switch fallback
are critical.
- Performance - The only way to guarantee high performance
and low latency under all conditions is with purpose-built hardware.
Architectures should include custom ASICs and high-speed backplanes. The
hardware should ensure that packets flow through the IPS with a bounded
latency measured in microseconds, independent of the number of filters that
are applied.
- Out-of-the-Box Accuracy - Attack recognition accuracy is accomplished by
combining the three broad categories of filtering methods: Vulnerability-Based,
Traffic Anomaly-Based and Signature. Accuracy is imperative since false
positives can lead to a Denial of Service condition. Out-of-the-box, the user
MUST be able to trust that the IPS is blocking only malicious traffic without
tuning.
- Usability - An IPS must deliver best-of-breed management capabilities that
are simple to use yet powerful. A combination of centralized and local
management is required to ensure 100% accessibility. Centralized management
should provide global vision and control for enterprise-wide deployments.
Management features should include "big picture" analysis with trending
reports, network discovery, configuration and monitoring.