Six Steps To Choosing Your Next Gen Intrusion Prevention System

Six Steps To Choosing Your Next Gen Intrusion Prevention System

New technologies bring new challenges

six steps to choosing your next gen instrusion prevention systemToday’s IT professionals—regardless of industry—are adopting the latest technologies to meet increasing bandwidth demands, create higher and faster performing networks and increase availability as cost-effectively as possible. But new technologies bring new challenges, and organizations’ IT departments must rapidly adjust to the latest technologies while keeping their already stressed network infrastructures stable and secure. As such, the most common question when adopting a new technology or device is simply: How can I be sure the solution I choose will perform as expected in my network?

If the new deployment involves next-generation firewalls or Intrusion Prevention Systems (IPS), this decision can have added challenges. The sophisticated high-performance network and security devices within these infrastructures require a more comprehensive approach to testing and validation than traditional testing tools can provide. Today’s devices use deep packet inspection (DPI) to examine traffic in ways that legacy testing tools were never designed to validate.

These devices, and the complex traffic they handle, demand testing with real-world application, attack and malformed traffic at line-rate speeds. Without this improved approach, contentaware equipment cannot be stressed thoroughly or accurately enough to determine its true capabilities. That’s why companies are turning to an objective testing approach that allows them to impose their own conditions during pre-purchase evaluations, ensuring that they can rigorously validate device capabilities under real-world scenarios, including the applications they must handle, actual user behavior and the attacks they expect to see. Doing this prior to deployment will not only save time and money, but it also ensures that the network remains resilient. Therefore, it’s imperative that IT buyers follow the six steps outlined below to make informed purchase decisions, eliminating costly post-deployment troubleshooting.

Create and prioritize specifications for products to be evaluated. As with any project, it is wise to begin with the end goal in mind. Before considering any piece of equipment, define and prioritize the company’s needs for infrastructure build-out. Otherwise, it is too easy to dive into questions of “speeds and feeds” without taking into account broader objectives. A good way to start is by asking fundamental questions. How should the infrastructure support key objectives? What are the transaction latency requirements? How important is the security of transactions in comparison to their speed? Which services are most sensitive, requiring the highest levels of security? Is application inspection necessary?

Rethink testing around repeatable, quantitative principles. Create a plan for stressing each device under test (DUT) with realworld application, attack and malformed traffic at heavy load. Doing this is not as simple as taking the older, ad hoc approach to testing and then injecting authentic traffic. Instead, the entire plan should embrace a standardized methodology and scientific approach to eliminate guesswork. That means the plan must use repeatable experiments that yield clear, quantitative results to accurately validate the capabilities of DPI-enabled devices. Previously, IT professionals have lacked the precision equipment necessary to enforce consistent standards across testing processes. Today, however, they have access to superior testing products that create authentic network traffic and capture precise measurements of its effects, even for complex environments.

Use standardized scores to separate pretenders from contenders. It is relatively straightforward to use standardized scoring methods to pare down a long list of candidate devices without performing comprehensive validation of each product. These scores quickly eliminate devices from consideration that clearly do not meet an organization’s needs. The resulting score is presented as a numeric grade from 1 to 100. Devices may receive no score if they fail to pass traffic at any point or if they degrade to an unacceptable performance level. The Resiliency Score1 takes the guesswork and subjectivity out of validation and allows administrators to quickly understand the degree to which system security will be impacted under load, attack and real-world application traffic.

Test final contenders with individual test scenarios that mirror the production environment. True validation requires an accurate understanding of the application, network and security landscape in which devices will be operating. Review the infrastructure’s traffic mix and the mixes of service providers before designing individual tests; this will ensure that the testing equipment reflects the latest versions and types of application traffic that traverse the network. However, generating real traffic is not enough. The traffic mix used also must be repeatable yet random. Randomization makes test traffic behave like real-world traffic, creating unexpected patterns that force DUTs to work harder. Creating repeatable, random traffic requires testing equipment that uses a pseudorandom number generator (PRNG) to set a seed value that creates standardized, random traffic.

Execute a layered testing progression that includes load, application traffic, security attacks and other stress vectors. This is where the scientific method comes into play. By changing only one variable at a time and testing the parameters established earlier, this progression will reveal the specific strengths and weaknesses of each product, replacing guesswork with verifiable results. The processes in this phase ensure that a DUT can adequately handle heavy load, in terms of both sessions and application throughput. If the device cannot pass these tests with traffic known to be free of attacks, there is no way it will process enough traffic once its security features are turned on or when it also must handle malformed traffic or other stress vectors.

Lay the groundwork for successful purchase negotiation, deployment and maintenance. Deploying untested network and security devices creates nightmare scenarios. Untested equipment requires weeks of post-deployment troubleshooting that is frustrating and time-consuming, and often leads to finger-pointing and costly remediation steps. This is particularly true when device outages, security breaches or unplanned bottlenecks affect entire infrastructures; such failures can damage an organization’s reputation. Testing pre-deployment minimizes the risk of these problems and saves hundreds of hours of staff time by eliminating surprises and guesswork. Selecting the right device is about more than finding the right make and model, it also means choosing the right amount of equipment for the infrastructure in order to meet business needs.

IT departments should look for information that goes far beyond the performance and security features that can be read off a data sheet. They should be measuring the security and stability of their IPSs based on real-world conditions, not generic conditions in a lab. Another common mistake that IT departments make is relying on test lab reports to make informed decisions. Labs often perform device testing in isolation, without regard to the unique environments of purchasers. Also, test lab reports are often funded by device manufacturers, which inevitably raise objectivity questions. Ultimately, IT departments choose a firewall vendor, but they never feel as though they truly understand how well the device is going to work. Will it actually recognize the difference between applications, even at a granular level, such as the difference between Facebook traffic and Facebook messaging traffic? Putting that next-gen firewall/IPS through proper context-aware testing is the only way to be confident it will perform as advertised.

If IT leaders follow these technical recommendations and avoid making common mistakes, they can select the right products to meet their business objectives, improve infrastructure planning and resiliency by understanding device capabilities and save up to 50 percent on IT investments. This also eliminates hundreds of man-hours in post-purchase configuration and tuning, and gives purchasers advanced insight into device capabilities, enabling them to configure devices appropriately in order to avoid surprises and delays.

This article originally appeared in the February 2013 issue of Security Today.

Featured

  • Survey Shows Election Anxiety Crosses Party Lines

    New reports of election worker intimidation are raising concerns about election interference. A majority of Americans (71%) are worried about voter intimidation or safety at the polls, and 75% want security cameras at their voting place, according to a new national survey. Read Now

  • 66 Percent of Cybersecurity Pros Say Job Stress is Growing

    Sixty-six percent of cybersecurity professionals say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • Live from GSX 2024: Post-Show Recap

    Another great edition of GSX is in the books! We’d like to thank our great partners for this years event, NAPCO, LVT, Eagle Eye Networks and Hirsch, for working with us and allowing us to highlight some of the great solutions the companies were showcasing during the crowded show. Read Now

    • Industry Events
    • GSX
  • Research: Cybersecurity Success Hinges on Full Organizational Support

    Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3