BreakingPoint IPS Testing Methodology
An Intrusion Prevention System (IPS) is designed to detect malicious activities and drop or sanitize the packets while allowing legitimate traffic to access the corporate network. In order to verify an IPS will work properly in a real-world deployment it is critical to test the IPS under the same real-world situations including known vulnerabilities, attack scenarios, custom strikes and legitimate application traffic.
If an IPS fails to work properly, even letting a single flow of malicious traffic pass can allow viruses, worms and backdoor attacks to gain access to the corporate network and cause a great deal of problems, potentially bringing down the network. Only through proper and realistic network simulation can you ensure the performance and resiliency of an IPS and the network.
Performing a series of tests using the BreakingPoint IPS test methodology will help determine the IPS’ actual capabilities under real-world conditions. For instance, the IPS device might be able to detect and mitigate malicious activity under light network traffic load. However, when network traffic becomes heavy, the IPS device might detect significantly less malicious activity. Sufficient testing must be preformed to fully characterize the impact different scenarios will have on the IPS.