The right choice
Not all intrusion prevention systems are created equal. James Collinge, Director of Product Line Management for TippingPoint, spoke to Jane Symonds about choosing the best solution for an organisation’s needs.
When clients look at options relative to intrusion prevention system deployment, key areas to consider include making sure they scope requirements in terms of performance,” Collinge said.
“Data centres are typically stringent in their performance requirements. You have to make sure the device can sit in line in the network and keep up with security requirements, but also not impact application and network-level performance.”
Collinge said the second key consideration was the vendor’s offering, and whether they took a proactive approach to security.
“Does the vendor look to identify problems in applications before ‘bad guys’ do? Can they keep up with research?”
According to Collinge, the key trends in the intrusion prevention marketplace are compliance, convergence and consolidation.
“Convergence of multiple security functions means consolidating the number of vendors you are dealing with. It saves the cost of managing, training costs, and skill set costs. Convergence is technical integration, but it also solves business problems.
“The third trend is towards consolidation. For example, a customer has consolidated from 25 small data centres to two large data centres. Key requirements in consolidation are maintaining high availability without impacting performance, and maintaining the breadth of security.”
Collinge warned intrusion prevention could not be ‘solved’ with the implementation of a particular solution.
“You can’t just deploy a control measure and then walk away and say, okay, my job is done. You have to continually keep up with the threats emerging, and how they can be mitigated.”
“Because of mobility, end users have to be educated on best practice. End-user training is just as important as any solutions deployed internally.”