Intrusion and Threat Prevention

Intrusion Detection and Prevention Systems (IDS/IPS) should be a key alerting and prevention tool within your infrastructure for known attack vectors. This technology, when properly deployed, should be capable of identifying known attacks within your environment based upon the ongoing signature updates obtained from your vendor. When properly configured and tuned, this mechanism can provide a low false-positive alerting mechanism for known attacks in real time.

Unfortunately, many IDS/IPS deployments are not properly maintained, configured and/or tuned for the segments, systems and data flows they aim to protect. This often causes the systems themselves to generate many false-positive alerts, which in turn creates a needle-in-the-haystack problem for investigators sifting through the data. It also frequently results in unusable, negatively skewed (false-positive-dominated) correlated alerts in the organization's SIEM.
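The tuning problem described above is easiest to attack with data: rank signatures by how often they fire and on what kind of traffic, then hand the noisiest ones to the analyst for review. The following is an added example, not code from the original page. It assumes Suricata-style EVE JSON alert records (`event_type`, `src_ip`, `dest_ip`, and an `alert` object with `signature_id` and `signature`); the log lines, signature IDs (in the local 1000000+ range) and internal network ranges are constructed sample data. The `threshold_line` helper emits a standard Suricata `threshold.conf` rate-limit entry for an analyst to review, not to apply automatically.

```python
"""Rank IDS signatures by alert volume and traffic profile to find tuning candidates.

Added example for this page; assumes Suricata EVE JSON alert records.
Sample alerts, signature IDs and internal ranges below are constructed.
"""
import json
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: sid 1000001 fires repeatedly on internal-to-internal
# traffic (a classic noisy rule); sid 1000002 fires on a single external source.
# A non-alert "flow" event and a malformed line are included to exercise parsing.
SAMPLE_EVE_LINES = [
    json.dumps({"event_type": "alert", "src_ip": src, "dest_ip": "10.0.2.20",
                "alert": {"signature_id": 1000001,
                          "signature": "LOCAL constructed noisy internal check"}})
    for src in ["10.0.1.5", "10.0.1.6", "10.0.1.5", "10.0.1.6", "10.0.1.5", "10.0.1.5"]
] + [
    json.dumps({"event_type": "alert", "src_ip": "203.0.113.7", "dest_ip": "10.0.2.20",
                "alert": {"signature_id": 1000002,
                          "signature": "LOCAL constructed inbound exploit attempt"}})
    for _ in range(2)
] + [
    json.dumps({"event_type": "flow", "src_ip": "10.0.1.5", "dest_ip": "10.0.2.20"}),
    "{not valid json",
]

# Assumed internal address space for this example.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_alerts(lines):
    """Parse EVE JSON lines, keeping only well-formed alert events."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt lines rather than abort
        if rec.get("event_type") != "alert" or "alert" not in rec:
            continue
        alerts.append(rec)
    return alerts


def summarize(alerts):
    """Per signature: total count, distinct sources, share of internal-only flows."""
    counts, internal_only = Counter(), Counter()
    sources, names = defaultdict(set), {}
    for a in alerts:
        sid = a["alert"]["signature_id"]
        counts[sid] += 1
        sources[sid].add(a["src_ip"])
        names[sid] = a["alert"]["signature"]
        if is_internal(a["src_ip"]) and is_internal(a["dest_ip"]):
            internal_only[sid] += 1
    return {
        sid: {"signature": names[sid], "count": counts[sid],
              "distinct_sources": len(sources[sid]),
              "internal_ratio": internal_only[sid] / counts[sid]}
        for sid in counts
    }


def tuning_candidates(summary, min_count=5, min_internal_ratio=0.8):
    """Signatures that fire often and almost exclusively on internal-to-internal
    traffic; ordered by volume so the biggest noise source comes first."""
    return sorted(
        (sid for sid, s in summary.items()
         if s["count"] >= min_count and s["internal_ratio"] >= min_internal_ratio),
        key=lambda sid: summary[sid]["count"], reverse=True)


def threshold_line(sid, seconds=300):
    """Suricata threshold.conf entry limiting a signature to one alert per source
    per window. Output is for analyst review, not automatic deployment."""
    return (f"threshold gen_id 1, sig_id {sid}, type limit, track by_src, "
            f"count 1, seconds {seconds}")


if __name__ == "__main__":
    summary = summarize(parse_alerts(SAMPLE_EVE_LINES))
    for sid in tuning_candidates(summary):
        s = summary[sid]
        print(f"{sid} {s['signature']!r}: {s['count']} alerts, "
              f"{s['distinct_sources']} sources, internal ratio {s['internal_ratio']:.2f}")
        print("  review:", threshold_line(sid))
```

The thresholds (`min_count`, `min_internal_ratio`) are starting points; on a production feed they should be set per segment, and any rate-limit or suppression should be recorded with the reason so that the tuning itself can be audited later.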

More Information:

