Today we released an update to our IPS testing methodology, significantly enhancing the document with more test scenarios and pages of step-by-step tips. You can download the BreakingPoint IPS Test Methodology here.
Security threats, as you all know, have become so complex and numerous that organizations often have difficulty figuring out which threats are the most dangerous. Resiliency testing of networks and security devices, such as an IPS, with "realistic Internet-scale traffic" is the first step in securing organizations. Being realistic in your testing means using live security strikes, blended application traffic, maximum load and even throwing in unforeseen scenarios.
Let's face it: if your IPS fails to work properly, even letting a single flow of malicious traffic pass, you are dealing with viruses, worms and backdoor attacks that can gain access to the corporate network and cause a great deal of problems, potentially bringing down the network.
The IPS test methodology is meant to help determine the IPS's actual capabilities under real-world conditions. For instance, the IPS device might be able to detect and mitigate malicious activity under light network traffic load. However, when network traffic becomes heavy, the IPS device might detect significantly less malicious activity. This methodology is made up of these types of tests.
Sufficient testing must be performed to fully characterize the impact different scenarios will have on the IPS. Realism is key.
To give you an idea of what you'll find in the methodology, here is the table of contents:
