Intrusion Detection and Prevention (IDP) systems are complex security tools that cannot just be bought and installed. To achieve the desired level of effectiveness, a significant amount of planning is required before tools can even be acquired. Otherwise, enterprises may purchase the wrong facet and never obtain the capability or payback they expect. Alternately, they may spend far more money than is required for the desired level of capability.
Three key factors that must be considered before implementation or acquisition are:
- Baseline functionality.
- System architecture.
- Monitoring requirements.
By clearly establishing the enterprise's expectations and requirements in these three areas, an appropriate IDP system can be designed, acquired, and then implemented. Only by assessing these factors ahead of time will the system achieve the required level of effectiveness at a controlled level of spending.