June 17, 2016

8 Things to Consider When Evaluating Intrusion Detection Systems

More and more businesses are implementing bring-your-own-device (BYOD) policies for their employees, necessitating the implementation of a proper network security policy. Employees can have many devices they utilize for work purposes. Smartphones, tablets and laptops are part of people’s lives, both privately and for business, and it makes sense to allow them to use these devices if it helps them do their job. The problem is that when people use personal devices for work purposes, they could be opening up the business’ network and information to unwanted users.

The first step to prevent problems is to create a robust BYOD security policy that all employees have to follow. In theory, if everyone followed the policies that are set, the business network and information would be safe and secure. The reality is that this will not always happen. People make mistakes, different devices have vulnerabilities and things happen. As an additional layer of protection, businesses should use an ‘Intrusion Prevention and Detection System’ that lets them know when danger is near.

What are Intrusion Detection Systems (IDS)?

Most systems are broken down into two areas. The first is intrusion prevention. The goal of this is to prevent an unauthorized user from accessing the network at all. The second part is detection. When an unauthorized user is able to access the network, the system needs to be able to notice it and it has to be able to notify the people that can stop the intrusion. Intrusion prevention and detection software is designed to prevent problems from happening before they occur, instead of leaving the business to figure out how to fix the damage that an unauthorized user was able to cause before it was discovered. It is an example of a business being proactive rather than reactive.

What to Look for in IDS Software

Not all intrusion detection and prevention systems are the same. It is important that a business find the right system that meets all of its needs. The needs of the business should include security, ease of use, cost and quality.

Businesses should consider the following eight things as they search for the system to use.

  1. Learn what is needed – The first thing that a business needs to do is research both its business and the systems that are available. It is never a good idea to buy an intrusion prevention system and hope that it can be used. Instead, it is best to search for a provider of these systems that will also offer support. Before choosing a system, it is a good idea for the business to evaluate its needs. From there, a business can work with a provider of these services to determine what features will help the business and what is not needed. It takes a little bit of time and effort to determine exactly what a business needs to get started.
  2. Is the network going to support the system – A business network needs to be able to support the intrusion prevention system. The implementation of these systems can require some configuration of the network and the best way to make sure this can be done is if there is support from the staff that is responsible for operating the network. Without the support of the network, the intrusion systems may not be able to work the way they are designed.
  3. How is the budget considered – The cost of the IDS and IPS systems needs to be considered carefully. Although security is very important, the amount that is spent also needs to make sense. Cost-based alternatives need to be considered. When it comes to the sensor, the cost will go up depending on the speed of the network. There are effective ways for a business to address these cost concerns such as spreading the cost out over time or employing fewer sensors. These decisions need to take into account both present and future needs.
  4. Remember the wireless networks – Many businesses are relying more and more on wireless technology for their networks. For an intrusion detection system to work, it also needs to work with the wireless network. If the business decides to download IDS software, it needs to make sure it is compatible with both wired and wireless systems, just like Snort, a popular IDS software by Cisco.
  5. What happens when something happens – The goal of IPS systems is to prevent any security events from happening, but that is not always going to be the case. The IDS system will detect when an intrusion is occurring, but what happens next may be the most important part. Different systems will provide different types of information to the user. It is important that the user gets timely information so he or she can stop or correct any problems caused by an intrusion as quickly as possible.
  6. Can it be scaled? – Most businesses have a goal of growth. They want to get bigger and be more profitable. A good IDS and IPS system will be able to grow with the business. It is not a good idea to have to replace systems as the company grows; instead, it is better to be able to add on to an existing system. It makes both fiscal and business sense to do it this way.
  7. Is there interoperability – The best systems will be able to work in a variety of ways and with different systems. They need to be able to utilize all of the different information, including firewall logs, system logs and other areas to provide the most protection. They should also be able to communicate with other intrusion detection and prevention systems.
  8. Include signature updates – Almost all of the intrusion prevention and detection systems rely on the signatures of computers to work. If the signatures are modified or changed, many of these systems will have a difficult time detecting the intrusion. The best systems will be able to update for the new or modified signatures to provide the best protection possible.
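
To make item 7 concrete, here is an added Python example (not part of the original article) that correlates firewall logs with system logs: a source is flagged only when it appears in both within a short window. The log formats (iptables-style DROP lines, sshd failure lines), the five-minute window, the year and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (documentation-range IPs), not real traffic.
FIREWALL_LOG = """\
Jun 17 10:01:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=23
Jun 17 10:01:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT=3389
Jun 17 10:02:10 fw kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=445
"""
SYSTEM_LOG = """\
Jun 17 10:03:40 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jun 17 10:03:44 host sshd[811]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jun 17 11:30:00 host sshd[902]: Failed password for alice from 192.0.2.44 port 40100 ssh2
"""

TS = r"(\w{3} +\d+ \d\d:\d\d:\d\d)"
FW_RE = re.compile(TS + r" \S+ kernel: DROP .*?SRC=(\S+)")
AUTH_RE = re.compile(TS + r" \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def parse(log, pattern, year=2016):
    """Yield (timestamp, source_ip) per matching line; syslog omits the year, so it is assumed."""
    for line in log.splitlines():
        m = pattern.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def correlate(fw_log, sys_log, window=timedelta(minutes=5)):
    """Return sources that have firewall drops AND login failures within `window`."""
    drops = defaultdict(list)
    for ts, ip in parse(fw_log, FW_RE):
        drops[ip].append(ts)
    alerts = {}
    for ts, ip in parse(sys_log, AUTH_RE):
        # Firewall drops from the same source close in time to this login failure.
        near = [d for d in drops.get(ip, []) if abs(ts - d) <= window]
        if near:
            entry = alerts.setdefault(ip, {"fw_drops": len(near), "auth_failures": 0})
            entry["auth_failures"] += 1
    return alerts

if __name__ == "__main__":
    for ip, detail in correlate(FIREWALL_LOG, SYSTEM_LOG).items():
        print(f"ALERT {ip}: {detail}")
```

Sources that show up in only one of the two logs produce no alert here, which is the noise reduction that combining log sources buys.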

IDS and IPS systems are becoming a vital part of businesses big and small, but they are not perfect. Many businesses worry too much about the cost of the systems and not enough about the threat of intrusions. It is important for a business to take the time to learn what it needs and what the best system is if it wants to keep its network as safe as possible.

What do businesses have to do to protect their network and what is the best way for them to do it? If you have any thoughts, ideas or suggestions about this, please take the time to share them with us.


Sheza Gary has been a Project Strategist since 2009 and has also been involved in the launching of startups and tech companies in New York for over 5 years. She has a keen interest in writing about her own experiences with business plans and upcoming business-supporting technologies. She loves public speaking.