IDS and IPS monitoring technologies come in many flavors: anomaly detection, heuristics, traffic pattern analysis, application analysis, payload analysis, passive vs. active listening, and so forth. How is a buyer to choose?
Paul Proctor, vice president of the security and risk strategies practice at Meta Group, recommends weeding through the options by asking four key questions:
• What source of data do you want to look at (network traffic, system logs, application logs, etc.)? This determines the type of monitoring that works in your environment.
• What's the architecture of what you're trying to protect (distributed or centralized)? This determines whether you'll want agents or passive listening devices for network discovery. It also determines whether you want in-line or out-of-line devices.
• What's the mechanism to determine the intrusion? Is it anomaly-based or signature-based?
• What's your timeline? Do you want to detect intrusions as they happen, or use the data for forensics afterward?
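To make the third question concrete, here is an added example (not from the article, Meta Group or any product) that runs both mechanisms over one constructed log window: a signature rule catches a single crafted request that a volume-based anomaly detector never sees, while the anomaly detector flags a noisy scanner whose requests match no signature. The log lines, signature patterns, log format and the 5x-median threshold are all assumptions chosen for illustration.

```python
"""Signature-based vs anomaly-based detection over the same log window.

Added illustration: the log lines below are constructed, not captured traffic,
and the rules and thresholds are assumptions, not any vendor's.
"""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Constructed web-server access log, one request per line: "client_ip method path status".
SAMPLE_LOG = "\n".join(
    [
        "10.0.0.5 GET /index.html 200",
        "10.0.0.5 GET /about.html 200",
        "10.0.0.7 GET /index.html 200",
        "10.0.0.7 GET /products.html 200",
        "10.0.0.9 GET /index.html 200",
        # One quietly crafted request: URL-encoded "' OR 1=1--" in a query parameter.
        "10.0.0.9 GET /search?q=%27%20OR%201%3D1-- 500",
        "10.0.0.11 GET /index.html 200",
        "10.0.0.11 GET /login 200",
        "10.0.0.11 POST /login 302",
    ]
    # A noisy scanner: thirty guesses at admin paths, none matching any signature.
    + [f"10.0.0.23 GET /admin{i}/ 404" for i in range(30)]
)

# Signature rules (assumed, illustrative): known-bad patterns applied to the decoded path.
SIGNATURES = {
    "sqli_or_1_eq_1": re.compile(r"'\s*OR\s+1\s*=\s*1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
    "passwd_read": re.compile(r"/etc/passwd"),
}


def parse(log_text):
    """Return (ip, method, path, status) tuples from the constructed log format."""
    records = []
    for line in log_text.splitlines():
        ip, method, path, status = line.split()
        records.append((ip, method, path, int(status)))
    return records


def signature_alerts(records):
    """Flag individual requests whose URL-decoded path matches a known-bad pattern."""
    alerts = []
    for ip, method, path, status in records:
        # Normalize before matching: the raw "%27" form would otherwise slip past the rule.
        decoded = unquote(path)
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((name, ip, path))
    return alerts


def anomaly_alerts(records, factor=5):
    """Flag hosts whose request volume is far above the typical host.

    The baseline is the median per-host count over the same window. The median is
    used rather than the mean because the window includes the attacker: one loud
    scanner drags a mean (and any standard deviation) up enough to hide itself,
    but barely moves the median.
    """
    per_host = Counter(ip for ip, _, _, _ in records)
    baseline = statistics.median(per_host.values())
    return [
        (ip, count, baseline)
        for ip, count in per_host.items()
        if count > factor * baseline
    ]


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("signature hits:", signature_alerts(recs))
    print("anomaly hits:  ", anomaly_alerts(recs))
```

Run as written, the signature pass reports only the one encoded injection attempt from 10.0.0.9 (two requests, so it never stands out on volume), and the anomaly pass reports only 10.0.0.23 (30 requests against a median of 2, but nothing in its paths that a signature would know about). That asymmetry is the practical content of the third question: signatures give precise, low-noise hits for what you already know about, anomaly detection gives coverage for what you don't, at the cost of tuning the baseline and threshold for each environment.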
Back to review: "The evolution of IDS"