10 tips for implementing IPS securely

By Phil Lerner, VP technology, Stonesoft Americas, Network World |  Security, intrusion prevention system, IPS

It's important not to confuse an exploit with the method. Stuxnet becomes visible when it hits the target; it stays there and is easy to investigate once the code is isolated and recognized. AETs can be analyzed if your IPS records all traffic, not just what is logged by the security devices. Ask your IPS vendor what its strategy is for dealing with AETs.

3) Event correlation. Event correlation helps to reduce false positive events and provide accurate protection for network services and intranet users. Event correlation looks at log data from one or more sensor engines, searching for malicious event sequences, preferably in real-time. Event compression cleans repeating log events and minimizes the bandwidth requirements from remote offices back to the data center. A good event correlation engine can alert the IPS to isolate an attacker or network worm on all firewall and IPS engines simultaneously, minimizing the damage to network services and clients.

4) Web filtering. A great enhancement for your IPS is Web filtering, which provides multiple benefits such as increased security by preventing access to known malware and phishing sites, as well as improved work efficiency and bandwidth usage by blocking access to unwanted websites. Advanced Web filtering systems can offer plenty of options, such as blacklists and whitelists where you can set rules for the entire network. You should also be able to produce reports of Web browsing habits and activities.

5) SSL inspection. SSL inspection is vital in ensuring that no attacks, viruses or other unwanted content can enter or exit the organization's network by disguising itself inside the encrypted HTTPS channel. SSL inspection gives administrators the ability to monitor traffic inside the TLS/SSL encryption and detect and react to any unwanted content. Your IPS should have a controlled way to open the encryption in the network and to submit the encrypted traffic for the same inspection as the clear-text HTTP data, eliminating this important blind spot in network protection. In addition, SSL inspection is important for meeting the PCI DSS requirements.

Originally published on Network World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question