This little insightful article has some of the greatest network IDS and IPS tips I’ve seen in a long time. It also presents them in a nice vendor-neutral kind of way. In addition, it covers some of the good use cases for a network IPS, such as perimeter protection and a small number of critical networks. I was also very happy to see the requirement for the correlation technology in addition to the NIDS and NIPS.
The paper reads especially well together with
my article on IDS mistakes.