Adding IP Reputation to increase efficiency and effectiveness of your IPS
If you have read our previous blog post, you know that we are big fans of using IP reputation. But, you might still be asking yourself, “Why?” The answer is simple, increased efficiency and effectiveness. Today, many (probably most) organizations use a Unified Threat Management (UTM) appliance to protect their organizations; however, the same increases apply even if you are using standalone components (i.e. firewall, Intrusion Prevention System (IPS), etc.).
All of these security components (UTM, firewall, IPS, etc.) are sold based on throughput; costs increase as device throughput increases. Complaints about the cost per throughput are quite common; see these comments on Fortinet and Palo Alto. Adding IP Reputation can help keep costs down as packets to/from known hostile IP addresses are dropped before they tie up precious CPU resources on UTM, firewall, IPS, etc.
In addition, since packets to/from known hostile IP addresses are dropped before they tie up precious CPU resources of the UTM, firewall, IPS, etc., your security administrators can be more effective, because they are not wasting time sorting through UTM, firewall, IPS, etc. logs cluttered with packets to/from known hostile IP addresses.
If you are interested in adding IP reputation to increase the efficiency and effectiveness of your security initiative, please call (804) 798-4444 Option 2 or email sales@computer-business.com.