Five steps to IDS success
Rebecca Bace
President/CEO Infidel, Inc.
Venture Consultant, Trident Capital
infomom@infidel.net

Overview of today’s discussion
• The five steps to IDS success
• Step 1 – Assessing your needs
• Step 2 – Assessing your resources
• Step 3 – Selecting the IDS that represents the best fit
• Step 4 – Tuning the IDS to your environment
• Step 5 – Using what the IDS tells you (Response)
• Bonus round – Loose ends and ongoing debates

The five steps to IDS success
• Intrusion detection is an established solution.
• Adding IDS to your enterprise can be frustrating and costly.
• Success depends on making clear decisions about which IDS you use and how you use it.

Step 1: Assessing your needs
• What are your goals and constraints?
• Acceptable risk levels
• Do they differ for different parts of the enterprise?
• Legal and regulatory requirements
• Organizational culture
• Buttoned down vs. free spirits
• The nature of assets you need to protect
• Connectivity
• Data assets

Step 2: Assessing your resources
• What is your technology budget?
• Can you acquire additional funds when you need them?
• What is your level of personnel support?
• What is your level of authority within the organization?
• Do you report to the CEO/CIO or further down the management stack?
• Do you have a security policy? A security program? Enforcement authority?

Step 3: Selecting the IDS that represents the best fit
• Passive or active monitoring
• What type of detection analysis?
• Signature/pattern recognition
• Model-based
• Anomaly-based
• Software or hardware form factor
• Sensor placement
• What about IPS?

Step 4: Tuning the IDS to your environment
• How do you configure and tune the IDS you’ve selected?
• What are product features and support provisions to assist you in this configuration?
• Eliminating false positives
• Is a monolithic IDS installation the right fit for your environment?

Step 5: Using what the IDS tells you (Response)
• IDS logs (and what to do with them)
• On the importance of using report generation features
• Retention policies for IDS output
• Feedback constructs for IDS processes

Bonus round: Loose ends and ongoing debates
• To SIM or not to SIM?
• How do you scale IDS across enterprises?
• How is IDS strategy affected by modern trends?
• Deperimeterization
• Mobile Computing
• Is IDS here to stay?

Questions, anyone? Submit your questions by entering them in the text field on the lower right corner of your screen.

Thank you for participating in today’s webcast.
For more information on IDS best practices and to access this webcast on demand, visit our Featured Topic: www.searchSecurity.com/FeaturedTopic/IDSbestpractices
Contact Rebecca Bace at infomom@infidel.net