What makes one intrusion prevention system (IPS) better than another? Is it the total number of security filters? The overall performance of the device? Or maybe the number of known network attacks that the system can help block?
When it comes to intrusion prevention -- and to detecting and blocking unwanted or malicious network traffic -- the focus should be on quality, not quantity. Organizations that are choosing an IPS vendor should start by assessing the quality of a solution's attack coverage. Certainly, there are other factors to consider -- reliability, performance, manageability, scalability, and technical support -- but the quality of attack coverage goes to the heart of the value proposition of any potential security solution. It really comes down to this: How thorough is the solution at preventing network attacks?
The best way to answer that question -- short of deploying a solution in your live environment -- is to assess a vendor's solution on the five building blocks of attack coverage:
knowledge of applications,
threat engine performance,
breadth and depth of coverage,
accuracy, and
timeliness.
Read this whitepaper to learn more about these basic elements of attack coverage and how they apply to an intrusion prevention solution assessment.