Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Best practices for purchasing an intrusion detection device

In this SearchSecurity.com Q&A, security management expert Mike Rothman offers guidelines for buying an intrusion detection (IDS) device.

My organization is about to purchase an IDS device and we've narrowed down the choices to a couple of vendors. Would you recommend trying to get demo versions and testing each of the boxes ourselves, side by side? Or since we know the products have similar features, should we rely on benchmarks and just focus on getting the best price?

As I lay out in my Buying Security Products Guide, having multiple options that you know can do the job is important....

Since intrusion detection (IDS) is a mature technology, there will be limited differences among commercial products. In fact, if you are only looking for IDS functionality, then you should probably look at the open-source tool Snort. It's consistently rated as a top 3 IDS offering, and the price is right (it's free).

Generally speaking, I'm not a fan of "benchmarks," product reviews or product certifications when making buying decisions. Those resources can certainly help security professionals understand what they need to look for and help to compare products at a surface level, but there is no substitute for installing and testing a product to be sure it works for a specific organization.

In this case, if time is not an issue, I would suggest implementing the products in your organization's lab. It's difficult to know how a product will perform in your environment until it's properly tested. You may hate the user interface, find the updating process ponderous or have some other trouble that should've been recognized before a check was signed. Unless the products are tested, it's impossible to know.

Once it's determined (hopefully through lab testing) which of the products will work in your environment, then it's time to start negotiating for the best price -- but don't let the cart get ahead of the horse. A organization needs to make sure the product will work before worrying about saving $10.

This was last published in February 2009

Dig Deeper on Detecting and preventing network intrusions

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly.com

  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...

Close