Vendor Landscape: Intrusion Detection and Prevention Systems

1 Vendor Landscape: Intrusion Detection and Prevention Systems
Reduce risks to critical systems and data with IDPS-enabled visibility and responsiveness. Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © Info-Tech Research Group

2 Introduction
The threat landscape is more unpredictable than ever. Organizations must consider an Intrusion Detection and Prevention System (IDPS) as another security layer to protect against these new attacks.

This Research Is Designed For:
Enterprises seeking to select a solution for IDPS. Their IDPS use cases may include:
- Security and/or IT managers who have decided to deploy IDPS, but are unfamiliar with the space.
- Organizations looking to optimize their security strategy.
- Organizations looking for resolutions to data breach problems.

This Research Will Help You:
- Understand what’s new in the IDPS market.
- Evaluate IDPS vendors and products for your enterprise needs.
- Determine which products are most appropriate for particular use cases and scenarios.

3 How to use this Vendor Landscape
There are multiple ways you can use this Info-Tech Vendor Landscape in your organization. Choose the option that best fits your needs:

Do-It-Yourself: Use this Vendor Landscape to help you complete your purchasing decision. The slides in this VL will walk you through our recommended evaluated vendors in this market space with supporting tools and deliverables ready for you to make your decision.

Free Guided Implementation: We recommend that you supplement the Vendor Landscape with a Guided Implementation. At no additional cost to you*, our expert analysts will provide telephone assistance to you and your team at key milestones in the decision to review your materials, answer your questions, and explain our methodologies.

*Gold and Silver level subscribers only

4 Book a free guided implementation today!
Info-Tech is just a phone call away and can assist you with your project. Our expert Analysts can guide you to successful project completion. For most members, this service is available at no additional cost.*

Here’s how it works:

Enroll in a Guided Implementation for your project: Send an to Or call and ask for the Guided Implementation Coordinator.

Book your analyst meetings: Once you are enrolled in a Guided Implementation, our analysts will reach out to book a series of milestone-related telephone meetings with you and your team.

Get advice from a subject matter expert: At each Guided Implementation point, our Consulting Analyst will review your completed deliverables with you, answer any of your questions, and work with you to plan out your next phase.

This symbol signifies when you’ve reached a Guided Implementation point in your project.

*Gold and Silver level subscribers only

5 Guided Implementation points in the IDPS Vendor Landscape
Book a Guided Implementation Today: Info-Tech is just a phone call away and can assist you with your evaluation. Our expert Analysts can guide you to successful technology selection.

Here are the suggested Guided Implementation points for the IDPS Vendor Landscape:

Section 1: Shortlist Assistance and Requirements. Get off to a productive start: Discuss the market space and how vendors are evaluated. Decide on which deployment option suits you best and narrow down the options based on customized requirements.

Section 2: RFP and Budget Review. Interpreting and Acting on RFP Results: Review vendors' RFPs and ensure the solution is meeting your needs. Discuss average pricing of solutions and what can fit into your budget.

Section 3: Negotiation and Contract Review. Purchase Optimization: Review contracts and discuss best practices in negotiation tactics to get the best price for your solution.

This symbol signifies when you’ve reached a Guided Implementation point in your project. To enroll, send an to or call and ask for the Guided Implementation Coordinator.

6 Market Overview

How it got here:
Intrusion Detection Systems (IDS) were a key layer in an organization’s overall security portfolio, adding increased visibility into potential attacks on organizations’ networks. IDS developed out of a need to detect more complicated threats like worms or Trojans that were getting through traditional security solutions. An IDS identifies intrusions by noticing abnormal behavior on the network, or by matching traffic against a database of “bad” signatures. However, IDS does not block any of these potential attacks, leaving an important gap that could be critical for an organization’s security. IDS eventually evolved into Intrusion Prevention Systems (IPS) to bridge that gap. An IPS is placed in-line and, in addition to detecting possible attacks, can also block them – adding reinforcement to an organization’s existing security tools.

Where it’s going:
The threat landscape is more volatile than ever. In addition to traditional attacks, threats are becoming targeted and state-sponsored. Advanced Persistent Threats (APTs) and Zero-Day attacks are taking organizations by surprise, and IPS has had to adapt to the playing field by adding features to address these threats. Vendors are now sending out updates more frequently – even in real-time, using their intelligence groups, and leveraging Security Information and Event Management (SIEM) for increased visibility into networks. There is still an argument for traditional standalone IPS solutions given the threats today; however, IPS has also been moving in the same consolidated direction as other security tools with options such as Next Generation Firewall (NGFW) with integrated IPS, and Next Generation IPS (NGIPS).

As the market evolves, capabilities that were once cutting edge become default and new functionality becomes differentiating. Reputation-based scanning has become a Table Stakes capability and should no longer be used to differentiate solutions. Instead focus on the solution’s ability to address today’s key threats with APT, Zero-Day, and advanced botnet and malware detection to get the best fit for your requirements.

7 Included in this Vendor Landscape:
IDPS Vendor selection / knock-out criteria: market share, mind share, and platform coverage

IDPS solutions must do more than detect and prevent traditional attacks; they must also be equipped to identify and protect against advanced threats, like APTs and Zero-Day attacks. For this Vendor Landscape, Info-Tech focused on those vendors that offer broad capabilities across multiple platforms and that have a strong market presence and/or reputational presence among mid and large-sized enterprises.

Check Point. A well-known name in the space with a basic IPS.
Cisco. A network giant coupled with the recent acquisition of Sourcefire to strengthen its security portfolio.
Corero. One of the few vendors left that is solely focused on IPS.
Enterasys. Its IPS’ ability to integrate with SIEM indicates a focus on increased visibility against unpredictable threats.
HP. HP brings basic capabilities to its IPS, but lacks in advanced threat prevention.
IBM. May not be synonymous with security, but offers one of the most competitive products.
Juniper. Its SRX series provides strong security and scalability with up to 100Gbps throughput.
McAfee. One of the most viable security vendors, but its solution lacks in some competitive features.
Palo Alto. The PA-5000 series features NGFW with integrated IPS, rather than standalone solutions.
Radware. Its focus is more on application delivery than security, but it still delivers with strong features.
Sourcefire. The recent acquisition by Cisco will further bolster its global presence.
Stonesoft. Recently acquired by McAfee, Stonesoft offers an almost-full advanced features set.

8 IDPS criteria & weighting factors
Product Evaluation Criteria
Features: The solution provides basic and advanced feature/functionality.
Usability: The end-user and administrative interfaces are intuitive and offer streamlined workflow.
Affordability*: Implementing and operating the solution is affordable given the technology.
Architecture: Multiple deployment options and extensive integration capabilities are available.

*Due to a lack of pricing information, Affordability received a 0% weighting. It does not affect the vendor’s overall scores or placement.

Vendor Evaluation Criteria
Viability: Vendor is profitable, knowledgeable, and will be around for the long term.
Strategy: Vendor is committed to the space and has a future product and portfolio roadmap.
Reach: Vendor offers global coverage and is able to sell and provide post-sales support.
Channel: Vendor channel strategy is appropriate and the channels themselves are strong.

9 Table Stakes represent the minimum standard; without these, a product doesn’t even get reviewed
The Table Stakes

Feature: What it is
Signature Scanning: Black-listing, white-listing, and pattern matching of signatures.
Behavior Scanning: Monitors for irregular/attack behavior as determined by acceptable and unacceptable behavior policies.
Inherent Firewall: Includes stateful inspection packet filter firewall.
Reputation-Based Scanning: Supplemental to traditional scanning that acts based on the assessed reputation of a file.
Alert & Log Management: Logging for all correlated events and alerting for those that exceed a given threshold or meet specific alert criteria.

What Does This Mean?
The products assessed in this Vendor Landscape™ meet, at the very least, the requirements outlined as Table Stakes. Many of the vendors go above and beyond the outlined Table Stakes, some even do so in multiple categories. This section aims to highlight the products’ capabilities in excess of the criteria listed here.

If Table Stakes are all you need from your IDPS solution, the only true differentiator for the organization is price. Otherwise, dig deeper to find the best price to value for your needs.

10 Advanced Features are the capabilities that allow for granular market differentiation
Scoring Methodology
Info-Tech scored each vendor’s features offering as a summation of their individual scores across the listed advanced features. Vendors were given one point for each feature the product inherently provided. Some categories were scored on a more granular scale with vendors receiving half points.

Advanced Features

Feature: What we looked for
Layer 7/Deep packet inspection: Inspection moves up the entire stack to include applications, etc.
Lossless packet analysis at wire speed: Prevents traffic from passing through uninspected, offers enough throughput to prevent the network from failing open.
Signature & heuristic detection, updates: Black-listing, white-listing, with regular updates on new threats.
Virtual infrastructure protection: Offers threat protection for layers of the virtual infrastructure.
Encrypted traffic inspection: Solution has ability to decrypt encrypted traffic, such as SSL client sessions, to inspect it.
DoS/DDoS protection: Protection against Denial of Service attacks through methods such as traffic rate and SSL handshake throttling.

For an explanation of how Advanced Features are determined, see Information Presentation – Feature Ranks (Stop Lights) in the Appendix.

11 Advanced Features (continued)
Feature: What we looked for
Advanced botnet and malware detection: Updated signature support, behavioral technology to identify malicious activity.
WLAN protection: Ability to alert and block privacy violations coming from a wireless IP address.
Advanced Persistent Threat (APT) protection: Real-time updates on threats, integrates with SIEM for increased visibility into your networks.
Zero-Day protection: Solution has regularly updated signatures to identify zero-day attacks.
Pre-built compliance settings: Able to set rules to meet HIPAA and other compliance restrictions and requirements.
Traffic shaping: Ability to control traffic, including application rate limiting, QoS/DiffServ marking.

12 Info-Tech Research Group Helps IT Professionals To:
- Quickly get up to speed with new technologies
- Make the right technology purchasing decisions – fast
- Deliver critical IT projects, on time and within budget
- Manage business expectations
- Justify IT spending and prove the value of IT
- Train IT staff and effectively manage an IT department

Sign up for free trial membership to get practical solutions for your IT challenges

“Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment.” - ARCS Commercial Mortgage Co., LP

Toll Free:

