2015-10-25T12:49:54Z
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot

When evaluating Intrusion Detection, what aspect do you think is the most important to look for?


5 Answers
RN
User at sev1tech
User
2021-11-22T14:56:28Z
Nov 22, 2021

So... the technical aspects of your IDS should be based on your environment.

So, not trying to oversimplify or downplay the need for the IDS to meet your technical thresholds, but those get discussed a lot. Operational impacts/criteria are often overlooked, in my opinion. I think the key factors are usability (how easy is it to train my folks to use it? how easy is it to integrate it into my operational processes? etc.) and interoperability with my current security ecosystem.

If I have to do a lot of tweaking to get it to work, or I need a workaround to get feed accuracy, then I'm probably not inclined to pursue a product.

Tuning is one thing. I expect that, but I don't expect the coding equivalent of duct tape and bubblegum to get it to talk and interact with my SIEM, SOAR, etc.

Simon Janin - PeerSpot reviewer
CEO at X80 Security
User
2020-07-08T15:05:45Z
Jul 8, 2020

From a pure cyber security and technical point of view, the most important aspects are: (1) the detection rate and (2) the width of coverage (how much attack surface is protected).

For the first one, it is unfortunately very difficult to assess the detection rate of a solution unless you are an expert with a large dataset of threats (known and unknown) at your disposal to benchmark the solution against. In any case, you should make sure the solution is capable of detecting unknown and novel threats; that is, the solution must go beyond heuristics and possess a profound understanding of cyber threats.

Second, the width of coverage means that the solution covers a large number of threat verticals but, more importantly, is deployed anywhere a threat may appear. In several cases, customers do not cover all the areas of their network.

reviewer1244643 - PeerSpot reviewer
User at a government with 1,001-5,000 employees
User
2019-12-05T14:24:20Z
Dec 5, 2019

- Capabilities, if we don't understand what these are it is unlikely we will have a success story.
- The expertise to operate
- Product documentation
- Training provided by a supplier
- Best practices
- Successful use case scenario (ideally from the same industry),
- Pricing (matters for local gov), etc.

RF
User at Gigamon
Vendor
2019-11-01T18:57:27Z
Nov 1, 2019

Education, documentation, use cases and best practices.

it_user407616 - PeerSpot reviewer
Chief Marketing Officer at Fortscale
Vendor
2016-03-17T05:28:21Z
Mar 17, 2016

Documentation. Algorithmic transparency. Ability to get someone smart on the phone FAST at the vendor, without going through gatekeepers. Confidence levels (statistical validity).

Related Questions
NC
Content Manager at PeerSpot (formerly IT Central Station)
Nov 3, 2022
Why should a company invest in IDPS?
Beth Safire - PeerSpot reviewer
Tech Blogger
Sep 14, 2022
One of the more crucial components of a company's overall security plan is an IDPS. Since a typical company generates too much data for any human analyst to discover signs of intrusions, the IDPS detects intrusions and alerts security teams about events that need to be investigated. An IDPS performs auditing as well, and identifies vulnerabilities caused by configuration errors that are often missed by the human eye. Additionally, an IDPS may be able to identify suspicious traffic that might indicate an oncoming attack.

The ability to detect and prevent a variety of threats that cannot be automatically identified by firewalls, antivirus software, and other organizational security controls is the most significant advantage offered by an IDPS. IDPS solutions combine a number of approaches to help prevent and detect attacks. Based on continuous monitoring over periods of time, IDPS systems generate analytics to create a baseline of typical activity; subsequent deviations from these baselines can signify attacks. This is especially useful for identifying distributed denial-of-service assaults, but it may also be used to spot malware inside an organization by looking for unusual patterns of network activity.

While many network security measures can parse and examine email and web activity, they are unaware of the specific apps carried within web traffic. This greatly reduces their ability to detect application-borne attacks. A typical IDPS solution will have sophisticated application detection capabilities. IDPS can restrict the executables that can be run. Threat intelligence can also be provided to an IDPS, allowing it to restrict IP addresses, websites, URLs, or other organizations, depending on their previous activity.
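The baseline-and-deviation idea described in this answer, as an added illustration (not PeerSpot's or any vendor's code): a quiet training period yields a per-minute traffic baseline, after which a volume surge (the DDoS case) and a never-before-seen destination/port (the "unusual pattern" case) are flagged separately. All flow records are constructed inline; the minute numbering and threshold are assumptions.

```python
"""Baseline-and-deviation detection over constructed flow records."""
from collections import Counter
from statistics import mean, pstdev

TRAINING_END = 10          # constructed assumption: minutes 1..10 form the baseline


def build_sample_flows():
    """Constructed flows as (minute, src_ip, dst_ip, dst_port) tuples:
    ten quiet minutes, a flood in minute 11, one novel SMB flow in minute 12."""
    flows = []
    for minute in range(1, TRAINING_END + 1):      # 4-6 flows per quiet minute
        for i in range(4 + minute % 3):
            flows.append((minute, f"10.0.0.{i + 1}", "10.0.1.20", 443))
    for i in range(60):                            # minute 11: 60 sources hit one host
        flows.append((11, f"203.0.113.{i + 1}", "10.0.1.20", 443))
    flows.append((12, "10.0.0.5", "10.0.1.50", 445))  # minute 12: new internal path
    return flows


def build_baseline(flows, training_end=TRAINING_END):
    """Per-minute flow counts during training -> (mean, stdev, seen services)."""
    per_minute = Counter(m for m, *_ in flows if m <= training_end)
    counts = [per_minute[m] for m in range(1, training_end + 1)]
    seen = {(dst, port) for m, _, dst, port in flows if m <= training_end}
    # floor the stdev so a perfectly flat baseline does not produce a zero-width band
    return mean(counts), max(pstdev(counts), 1.0), seen


def detect_surges(flows, baseline, k=3.0, training_end=TRAINING_END):
    """Minutes after training whose flow count exceeds mean + k*stdev."""
    avg, sd, _ = baseline
    per_minute = Counter(m for m, *_ in flows if m > training_end)
    return sorted(m for m, c in per_minute.items() if c > avg + k * sd)


def detect_new_services(flows, baseline, training_end=TRAINING_END):
    """Post-training flows to a (dst, port) pair never seen during training."""
    _, _, seen = baseline
    return [f for f in flows if f[0] > training_end and (f[2], f[3]) not in seen]


if __name__ == "__main__":
    sample = build_sample_flows()
    base = build_baseline(sample)
    print("surge minutes:", detect_surges(sample, base))         # [11]
    print("novel services:", detect_new_services(sample, base))  # the minute-12 SMB flow
```

The surge detector alone would miss the single minute-12 connection, which is why the novelty check runs beside it; a real IDPS keys such baselines per host and per service rather than on one global count.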
GM
System Administrator at Baobab College
Nov 3, 2022
In simple terms, it aids in the early detection of harmful behavior within a network. In my opinion, it gives an upper hand against any attacks... If it is configured properly and you are using an excellent intrusion detection and prevention platform, you can safely manage your network with less hassle.
NC
Content Manager at PeerSpot (formerly IT Central Station)
Nov 3, 2022
Why do you recommend that particular solution?
Beth Safire - PeerSpot reviewer
Tech Blogger
Sep 11, 2022
We are using Darktrace as our IDPS solution and are very satisfied with its features and capabilities. It is very user-friendly once you understand how it works and understand the type of permissions that you need in order to access your security network. Below are some of the main advantages of using Darktrace:

Easy setup: The initial deployment is very straightforward. The setup of the solution takes probably under one hour. The only thing that we needed to set up Darktrace is a connection on the core switch with a mirror port and some space on the rack. After that, we connect the appliance to the core switch, and that's it.

User-friendly: The user interface is outstanding and provides you with a lot of information. You can see your entire network traffic and traces in 3D. I particularly like the real-time monitoring and analytics of our network. The reporting is great because there is a seven-day reporting period within the system. Every time you run the reports, it gives you the real-time data about the previous seven days. The reports give you a very clear picture of what is happening over the network on a real-time basis.

Mobile monitoring: Darktrace also provides mobile monitoring. Using an app on your mobile phone, you can view your system information live. This is something that is very useful for area directors and field engineers.

Scalability: If you need more appliances to support the infrastructure, Darktrace is very simple to scale. The only thing that needs to be done is to connect your appliances to your rack's switch. Once it is on the main console, you just need to assign the roles to every new appliance, and you are set.

Support: Technical support is excellent. The support has fast response times. You can contact them via email, WhatsApp messages, and more. They offer their support in many locations around the world, so they are pretty much available 24/7.

Threat detection: Darktrace plays an important part in our company's security detection strategy. It dramatically reduces the time we spend detecting and resolving security issues. This is due to its wonderful user interface that displays all types of network logs in simple graphs and analyses. One of the most valuable features of Darktrace is the artificial intelligence and advanced machine learning capabilities they offer for cybersecurity. The solution can detect threats over the network before they spread. It also sends you notifications detailing what the threat is doing and gives you a lot of information about the execution of the application that created the threat over your network. Darktrace also has a library of local and international threat detections and how they were resolved. This information helps make Darktrace more proactive in dealing with threat alerts and detection. We find that this service is very comprehensive and can cover all security areas effectively.

One improvement we would like to see is some endpoint protection for remote workers. Nowadays, most people are working remotely, so they should include some type of sensor that can be installed on the endpoint in order to directly report the main usage and protect remote users.
GM
System Administrator at Baobab College
Nov 3, 2022
We are using Kerio Control as a firewall, and it has an IDPS module which does a good job. You can enable the log messages to check the intrusions being dropped in real time. I also like how it updates its database every 10 minutes or so...