Network-based intrusion detection systems (NIDS) monitor network traffic for signs of attack. Before you purchase a solution, make sure you ask your vendor about these 10 critical issues.
- Detection methodology: Does the system use signature-based, anomaly-based, or behavioral detection? Most modern solutions combine multiple approaches.
- Signature update frequency: How often are signatures updated? Is the update process automatic?
- Performance under load: What happens when the sensor is overloaded? Does it drop packets or log an alert?
- False positive rate: Ask for data on false positive rates in environments similar to yours.
- Encrypted traffic: Can the sensor analyze encrypted traffic? If so, how?
- IPv6 support: Does the solution fully support IPv6 traffic analysis?
- Management console: Is a centralized management console included? What does it cost?
- Logging and reporting: What logging capabilities are included? Does it integrate with your SIEM?
- Hardware options: What hardware platforms are available? Is a software-only option available for virtual environments?
- Support and updates: What is the support SLA? How are updates delivered?