Focus on IDS
- IDS causing troubles, Feb 01 2011 09:53AM, Shang Tsung (shangtsung71 gmail com) (9 replies)
- RE: IDS causing troubles, Feb 01 2011 08:26PM, Andrew Plato (andrew plato anitian com) (1 replies)
- Re: IDS causing troubles, Feb 11 2011 07:41AM, Joel Jaeggli (joelja bogus com) (2 replies)
- RE: IDS causing troubles, Feb 11 2011 06:23PM, Matthew Fitzgerald (matthew fitzgerald cae com) (2 replies)
- Re: IDS causing troubles, Feb 11 2011 07:14PM, Joel Jaeggli (joelja bogus com) (2 replies)
- Re: IDS causing troubles, Feb 15 2011 03:23PM, Joel Esler (joel esler me com) (1 replies)
- Re: IDS causing troubles, Feb 18 2011 02:21PM, Curt Purdy (infosysec gmail com) (1 replies)
- Re: IDS causing troubles, Feb 18 2011 02:28PM, Joel Esler (joel esler me com) (1 replies)
- Re: IDS causing troubles, Feb 14 2011 06:28PM, JiPi DiNi (jipidini gmail com) (1 replies)
Below are the answers to your questions:
- Are any of you experiencing the same issues?
A - In a first installation of any IDS/IPS system in a new environment,
at the beginning it's possible to have some problems like
false-positive alerts, but nothing traumatic, but you really need to
perform fine tuning. You need a period with the IPS/IDS only in
monitoring mode (reporting without actions) in your network, and
after this you can analyze the reports and check if the alert is
really an attack or a simple false positive, and you can add an
exception for this when you put the IPS/IDS in prevent mode (reporting
with actions - drop, accept, etc.).
- Are these disruptions common to others or should we seriously
consider replacing the IDS and/or the outsourcing company?
A - This is not common when you have a correct implementation of the IPS/IDS.
I think you skipped the step of the fine tuning / monitoring time in
your IPS implementation and you really need to do this. If possible,
contract a consulting company (preferably a business partner of IBM/ISS) to
check and audit the actual configuration; after this you can measure if
you really need to replace the outsourcing company. In my opinion the
IPS/IDS of the ISS company is one of the best systems in the world.
- Could this be an issue with our network infrastructure?
A - Maybe; without any information it's complicated to say "it is a
network problem or an IPS/IDS configuration problem or a network
architecture problem".
PS: I answered your questions considering you have a product in compliance
with the manufacturer's life cycle time, and using the latest updates.
If this is not the case, my answer can change!
I hope you appreciate my help.
Regards ,
Antonio
2011/2/1 Shang Tsung <shangtsung71 (at) gmail (dot) com [email concealed]>
>
> Hello,
>
> We have the following problem. Now and then, the IDS will cause
> disruptions to the network, especially after updates. We have an IBM
> (ex ISS) Intrusion Detection System with a few network sensors and
> several host sensors. The IDS is not managed by us but we have it
> outsourced.
>
> The disruptions mentioned above cause our network engineers extreme
> dissatisfaction (and anxiety) about the IDS and they would "burn the
> damn thing", if they could. We have 2 - 3 serious issues, causing
> downtime, per year.
>
> My questions are:
>
> - Are any of you experiencing the same issues?
> - Are these disruptions common to others or should we seriously
> consider replacing the IDS and/or the outsourcing company?
> - Could this be an issue with our network infrastructure?
>
> I will appreciate any thoughts.
>
> Thanks,
> ST
>