Five steps to IDS success

Rebecca Bace

President/CEO Infidel, Inc.

Venture Consultant, Trident Capital

infomom@infidel.net

Overview of today’s discussion

• The five steps to IDS success

• Step 1 – Assessing your needs

• Step 2 – Assessing your resources

• Step 3 – Selecting the IDS that represents the best fit

• Step 4 – Tuning the IDS to your environment

• Step 5 – Using what the IDS tells you (Response)

• Bonus round – Loose ends and ongoing debates

The five steps to IDS success

• Intrusion detection is an established solution.

•Adding IDS to your enterprise can be frustrating and costly.

•Success depends on making clear decisions about which IDS you use and how you use it.

Step 1 : Assessing your needs

•What are your goals and constraints?

•Acceptable risk levels• Do they differ for different parts of the enterprise?

•Legal and regulatory requirements

•Organizational culture• Buttoned down vs. free spirits

•The nature of assets you need to protect• Connectivity

• Data assets

Step 2 : Assessing your resources

•What is your technology budget?• Can you acquire additional funds when you need

them?

•What is your level of personnel support?

•What is your level of authority within the organization?• Do you report to the CEO/CIO or further down the

management stack?

•Do you have a security policy? A security program? Enforcement authority?

Step 3 : Selecting the IDS that represents the best fit

•Passive or active monitoring

•What type of detection analysis?• Signature/pattern recognition

•Model-based

• Anomaly-based

•Software or hardware form factor

•Sensor placement

•What about IPS?

Step 4 : Tuning the IDS to your environment

•How do you configure and tune the IDS you’ve selected?

•What are product features and support provisions to assist you in this configuration?

•Eliminating false positives

• Is a monolithic IDS installation the right fit for your environment?

Step 5 : Using what the IDS Tells You (Response)

• IDS logs (and what to do with them)

•On the importance of using report generation features

•Retention policies for IDS output

•Feedback constructs for IDS processes

Bonus round : Loose ends and ongoing debates

•To SIM or not to SIM? • How do you scale IDS across enterprises?

•How is IDS strategy affected by modern trends?• Deperimeterization

•Mobile Computing

• Is IDS here to stay?

Questions, anyone?

Submit your questions by entering them in the text field on the lower right corner of your screen.

Thank you for participating in today’s webcast. For more information on IDS

best practices and to access this webcast on demand, visit our Featured Topic:

www.searchSecurity.com/FeaturedTopic/IDSbestpractices

Contact Rebecca Bace at infomom@infidel.net