Intrusion Detection & Prevention Systems Guide

Don’t get stuck choosing between one or the other. Ideally, you want to find an IDS and an IPS solution that integrate – forming IDPS – for full detection and response capabilities. IDS will give you a deep understanding of how traffic is moving across your network, while IPS provides active network security by preventing and remediating detections.

Making an informed decision

Not all security solutions are the same. Some vendors are marketing masters who make a lot of noise in the industry, but in reality, they have subpar products. First, you need to assess and prioritize your organization’s risk to get the full picture of what you need from a solution. Then, you’re ready to shop. To make an informed and educated decision about your intrusion detection and prevention solutions, ask the following technical and non-technical questions:

Technical questions:

1. What technologies does the product use to detect threats? Look for a combination of deep packet inspection, threat reputation, URL reputation, on-box SSL inspection, and advanced malware analysis on a flow-by-flow basis to proactively detect threats. This will also help reduce the number of false positives,…
