IDS & IPS Implementation
Definition of IDS & IPS Implementation
Intrusion detection and prevention systems monitor network traffic and are an important source of data about what’s happening on the network. Engineers should understand how the systems function and effective options for deploying and configuring them.
Assistant / Associate:
Understand how IPS systems work
Understand how IDS systems work
Senior Associate / Professional:
Understand how to modify IDS/IPS systems to generate desired data
Able to deploy new IDS/IPS system components and verify functionality
Senior Professional / Principal:
Plan IDS/IPS architecture and deployment
How to Develop IDS & IPS Implementation
Training Courses:
· SEC503 - Intrusion Detection In-Depth
· SEC699 - Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection
Online Videos:
· https://www.youtube.com/watch?v=7OTBlYB14Ww
· https://www.youtube.com/watch?v=R-8WdoP-CtE
Experiences:
· Practice looking at IDS/IPS logs and considering how the current deployments could be improved, perhaps to have fewer false positives or capture more of the traffic flow, etc.
How to Demonstrate IDS & IPS Implementation
DO: Describe what you did in completing / achieving your development plan
· Spend time learning the underlying mechanisms that IDS and IPS systems use.
· Study current IDS & IPS architecture and think about how it could be improved.
ASSESS: Share, if applicable, any assessments that were taken / provided related to your activities
· Where are the current IDS/IPS systems lacking and what would it cost to improve them?
LEARN: Explain what you felt that you were able to learn during your journey / experiences
· Study best practices for IDS/IPS deployment.
· Explain how the data and alerts generated by IPS/IDS are used.
APPLY: Give specific examples where you have made / plan to make direct application to your work
· Share how you might improve network or host attack visibility.
· Create procedures and documentation for improving or implementing new IDS/IPS features.
REFLECT: Review / consider things you would have done differently had you had this experience earlier
· How does this change the way you view IDS/IPS systems?
· What do you consider sufficient IDS/IPS coverage?