
Best Practice Cyber Security

Everyone has a view. Here's ours:

Our thoughts on effective network security

Endace recognises that effective network security requires:

  • 100% accurate capture of all network traffic from all network types and speeds
  • All captured traffic to be written to disk for analysis and evidence
  • High-performance traffic analysis and threat alerting tightly integrated with SIM/SIEM systems
  • Effective tools to enable blocking and/or alerting of malicious traffic
  • The ability to run different open-source engines - such as SNORT™ and Suricata from the OISF
  • Support for a blend of rulesets from commercial 3rd-party rules to community-developed and custom rules
  • A platform that enables reuse of captured traffic to feed a range of different security-related applications

Cyber Security today

Intrusion Prevention, or Intrusion Detection? Passive IPS or Active IPS? Canned rules or Open Source rules? Open engines or proprietary engines?

There are a myriad of different security options available on the market today, all with their own advantages and disadvantages. To find out what we think you need to know, watch Stuart Wilson, Endace CTO, explore "The 4 Biggest Issues Facing IDS and IPS Today".

In the webinar Stuart looks at:

  • The 'Inconvenient Truth' about packet capture
  • Effective management of rulesets
  • The absolute need for network forensics
  • The real impact of IDS device saturation and traffic blocking

NSS Labs IPS Test Results

Source: NSS Labs Network IPS Comparative Test Report, Dec 2009

IPS Performance - Reality vs Marketing Hype

In Q4 2009, NSS Labs evaluated 15 different IPS solutions from 7 different vendors, testing their block-rate and throughput. The graph shows the results of the testing after the vendors had tuned their rules. Each system was tested against the same set of attacks. The test results make interesting reading, and from our perspective show:

  • There is a mismatch between marketing claims and actual performance.
  • Plugging in an IPS and assuming you're protected is simply no longer an acceptable or defensible strategy.
  • The best performer in the test used an open-source engine.

Endace did not participate in the Q4 2009 test, but looks forward to participating in an NSS Labs test in August 2010.

If you are currently running an IPS or planning to purchase one, talk to us about our performance testing service. We can help you ascertain the performance of your current or proposed installation. For a limited time we are giving away a number of tests to qualifying organisations.

NSS Labs

NSS Labs extends a special offer to friends of Endace

This NSS Labs report is available to purchase at a special 20% discount rate for visitors to the Endace website. Please contact us for a discount code.

1 SNORT® is a trademark of Sourcefire Inc.