On Fri, Feb 13, 2015 at 11:40 AM, Andy Ringsmuth <andy@newslink.com> wrote:
> NANOG'ers, I've been tasked by our company president to learn about, investigate and recommend an intrusion detection system for our company.
An important thing to realize is that an Intrusion Detection System is not a "product" you can buy. And if your org. is 100 people, you should probably think about engaging some professional security services firms to help, starting with a basic Info. security and physical security audit from an independent third party.

An intrusion detection system consists of an infrastructure stack containing vigilant dedicated human beings, devices, various software for instrumenting the network in different ways and analyzing collected data, documentation, business, and security processes within the organization.

Without enough of all those pieces, there are plenty of off-the-shelf IPS offerings, BUT using one could very well instill a false sense of security, because you have no idea if the product is actually doing a good job at what it is supposed to do, and not just presenting a "perception" of security mostly by tackling just whatever bugs or malware is appearing in the news headlines of the day.

Also, there is the matter of being equipped with suitable analysis and response plans to be prepared for the time that the IDS alarm actually goes off, and to be able to determine if it's actually legitimately a false alarm, something meriting investigation, or if it represents an emergency.
> We're a smaller outfit, less than 100 employees, entirely Apple-based. Macs, iPhones, some Mac Mini servers, etc.
[snip]
-- -JH