Thursday, May 23, 2019

Enterprise - IPS for East/West Traffic

Difficult one to search for, since "IPS" tends to get hits on IPs, as in IP addresses!

How many of you in the enterprise space are doing IPS or IDS for east/west traffic? How are you dealing with high levels of traffic? I realize the last question is a relative one, but at the many gigabits per second levels, you really need your IPS to perform well to avoid operational impacts.

Finally, are you combining your IPS with your Firewall? Success?

If it's not obvious, we are running into performance issues with IPS enabled on internal firewalls supporting east/west traffic. The devices either need to be bigger or scaled horizontally ($$ in either case), the functionality split out to dedicated devices or pulled closer to hosts via SDN technologies. Or maybe IPS internally is a lost cause and we should be focused on more passive approaches like analysis via network taps and DNS "Firewalls".

TIA!


