The ‘in band’ v’s ‘out of band’ debate continues to rage and we find ourselves discussing the pros and cons of IPS v’s IDS with customers on a regular basis. To this day, we’re still surprised by the number of IPS implementations that we discover deployed in ‘passive mode’, with the engineers responsible admitting to being “too scared to turn blocking on”.

The reality is that IPS and IDS are different horses which are designed for different courses.The debate isn’t IDS or IPS, its actually IPS and/or IDS.  IPS are useful for organisations that don’t have the local resources (typically in the form of a SOC) to manage infections and outbreaks within the network. A high performance IDS is the right solution for those that do. At Endace we think of IPS as a kind of ‘SOC in a box’.

As a nation we’re obsessed by brands. They’re everywhere and whether we like it or not, in today’s ultra-connected world, they matter – government agencies are hiring branding agencies to help them manage their public ‘image’. If you look closely at some corporate accounts ‘brand’ is starting to appear as an asset on the balance sheet. Whether you agree or not isn’t the point, the fact is that they are and that matters.

For purists (like me), brand is really just a synonym for corporate reputation. You can’t buy your way to reputation: you earn it over time. You do the hard yards and you build it piece by piece, customer by customer, recommendation by recommendation.  All the advertising dollars in the world won’t buy you brand equity (they will just buy you brand awareness). If you treat your customers like dirt, your brand will be dirt. That bit at least is very straightforward

Most security professionals know that what vendors claim their systems can handle (in terms of throughput) and what they can really handle are two different things. Why is this the case, why does it matter and what can you do about it?

Before diving in, it’s important to understand what ‘throughput’ really means. In layman’s terms, throughput is the amount of network traffic (measured in Mb/s or Gb/s) that a system can ‘process’ without missing events.

There are three main reasons why network security systems, such as IDSs and IPSs miss network security events:

1. The hardware platform doesn’t show the packets to the application because it’s simply not up to the job
2. The DPI engine (the application) isn’t fit for purpose
3. The rule set is too simple, or too complex

As a buyer of these systems, you need to be sensitive to all three factors, as two legs does not maketh a stool [sic]

National security is a big deal. We trust our elected governments to have our backs, to stop the bad guys before they act and keep us safe. It’s why we pay our taxes and vote for the people that we do. The swing from traditional ‘armed’ threats internet-borne threats has been extraordinarily rapid and created an entirely new threat landscape for our governments to deal with. Lulzsec’s recent rampage across the internet has shown in the most public way just how vulnerable we all are (governments, enterprises and individuals alike), to malicious attack from this new frontier and in many cases, just how badly prepared we truly are. Protecting national security is far harder today than it’s ever been before. At least before you could see the bad guys.

At Endace we’ve worked closely with a variety of government agencies for many years, helping to facilitate, empower and enable the activities of those responsible for keeping us safe. It’s a market that we’re proud to be associated with and one that we’re actively developing all over the world with government agencies that understand the power of the Endace Platform.