| Intrusion Prevention IPS | Network Access Control NAC |
Is your intrusion-security solution in-band?
A. We rely exclusively on out-of-band detection.
B. We use a combination of out-of-band and in-band solutions.
C. We are using all in-band solutions.
Does your intrusion-security solution deliver maximum network and application up-time?
A. Our solution uses general purpose hardware (e.g. servers) and software (e.g. Microsoft or Linux).
B. Our solution is an appliance that delivers good up-time numbers, but it provides few internal hardware redundancy options.
C. Our solution is an appliance that delivers good up-time numbers, many internal redundancy options, and can be deployed in a redundant fashion.
Does your intrusion-security solution deliver the performance to inspect and block traffic without slowing your network or business applications?
A. My solution is all out-of-band.
B. My in-band solution does tend to slow the performance of my network and/or applications.
C. My in-band solution runs at wire speed and does not impact network or application performance.
Does your intrusion-security solution have the reliability and performance to protect both your perimeter and key points in your core network?
A. I only trust my intrusion solutions at the network perimeter.
B. I rely on intrusion solutions mostly at the perimeter, but I have installed some in a few other areas in the core of my network.
C. I use intrusion solutions throughout the perimeter and core of my network.
Does your intrusion-security solution provide broad and deep attack coverage?
A. My solution relies mainly on exploit filters that protect us against well known attacks.
B. My solution uses exploit filters and numerous vulnerability filters. The filters are updated in a timely manner and in many cases provide protection against Zero-Day threats.
How accurate is your attack coverage? Does it block bad traffic without blocking good traffic?
A. We primarily use alerts instead of blocking because we're not confident in the ability of our solution to separate good traffic from bad with extreme accuracy.
B. We primarily use blocking rather than alerts. However, I wish that we could increase the number of filters that we set to block.
C. We set our filters to block almost exclusively and our vendor’s filters are extremely accurate.
How timely and up-to-date is the attack coverage?
A. Our filters are updated on a regular basis; however we are somewhat vulnerable to Zero-Day threats until our vendor releases new filters.
B. Our filters are updated to address Zero Day threats to minimize my vulnerability when I need it most.
Can your security vendor provide you with reference customers who have large numbers of filters turned on to block on in-band IPS systems?
A. The references my vendor provided used their solution more for detection, rather than in-band for prevention.
B. The references my vendor provided used their solution in-band, but most of their filters were set to alert rather than set to block.
C. My vendor has multiple references that use their solution in-band, with large numbers of filters set to block.