Thursday, May 17, 2012

CISSP CPE6: Deploying IPS Successfully



Webinar: Juniper. Length: 01:30:00


IPS Strength:
Data center protection
IPS is good for protecting the data center, especially servers.
It protects the client-to-server direction.
But IPS is not so good at protecting clients.

It's good to add IPS capability on the FW, because there is no need to add another device, but this might be the right reason.

Policy compliance with IPS

FW/IPS consolidate where IPS use is light

Out of band/sniffer
1. Client to Server
2. Anomalous/Evasive Network protocol Behavior
3. Network Layer Server to Client Attack
4. Brute Force Attacks
5. DoS Attack

Mode:
Sniffer
Integrated
Tap
Full


IPS Weakness:
Not one is box logging
IPS only vs standalone - lack of network profiling
High performance price
Malware detection - requires file format/application analysis (e.g. malicious PDF, Excel, Word, Flash object, Java object)

File format based detection
Specialized application security (WAF)
Reputation/profiling/data import based attack detection.


Questions before deploying IPS:
What assets to protect?
What throughput, sessions, CPS?
What type of IPS policy?
