In an enterprise using an in-line IPS deployment with CSM/MARS for mgt/mon of IPS devices, what is the recommendation for a lab to test IPS changes (signatures, filters, code, etc.) in production? Looking for an enterprise perspective.
Host-based intrusion detection and prevention devices provide MARS with detailed information about attacks seen at the host level, rather than the network level. They also provide information about the host operating system and successful prevention of attacks, both of which provide more targeted data for false positive analysis.