Tuesday, December 19, 2006

Buy an IPS with the most signatures!!! I don't think so.......

Look before you leap, still waters run deep. It's a trap and you are the prey....The number of IPS signatures has no bearing what-so-ever in regards to, how well protected you are with a specific IPS device. Vendors who typically have “REGEX” signatures, vulnerability signatures, application inspection and anomaly detection, may have as many as 50% less signatures and provide more protection then vendors that don’t have this type of consolidated protection. Another thing to look for in IPS is how good is the device at catching IPS evasion techniques.

Many IPS vendors rely on the fact that they have more signatures. This is roughly equivalent to a football team claiming they are the best because they have the largest players. Watch for it, look for industry studies. Most of all, make sure you have an event correlation engine that will do forensic analysts for you. This should include all network devices and software security packages including: Anti Virus, Network Anti Virus, Computer Security both host and server, Intrusion Prevention, Software Firewalls and Hardware Firewalls and Most Intrusion Prevention.

I know this is a short message, sorry it’s Christmas week, but please, take this information into consideration when making a decision on the security posture of your company, and you will be more secure.

No comments:

With Great Power Comes Great Responsibility....raise the bar

With Great Power Comes Great Responsibility....raise the bar
Get Secure