2015-10-25T12:49:54Z

When evaluating Intrusion Detection, what aspect do you think is the most important to look for?


Let the community know what you think. Share your opinions now!

Guest
44 Answers

author avatar
User

From a pure cyber security and technical point of view the most important aspects are: (1) The detection rate and (2) The width of coverage (how much attack surface is protected).


For the first one, it is unfortunately very difficult to assess the detection rate of a solution unless you are an expert with a large dataset of threats (known and unknown) at your disposal to benchmark the solution against. In any case, you should make sure the solution is capable of detecting unknown and novel threats - this is, the solution must go beyond heuristics and possess a profound understanding of cyber threats.


Second, the width of coverage means that the solution covers a large number of threat verticals but more importantly is deployed at anywhere where a threat may appear. In several cases, customers do not cover all the areas of their network.

2020-07-08T15:05:45Z
author avatar
User

- Capabilities, if we don't understand what these are it is unlikely we will have a success story.
- The expertise to operate
- Product documentation
- Training provided by a supplier
- Best practices
- Successful use case scenario (ideally from the same industry),
- Pricing (matters for local gov), etc.

2019-12-05T14:24:20Z
author avatar
Vendor

Education, documentation, use cases and best practices.

2019-11-01T18:57:27Z
author avatar
Vendor

Documentation. Algorithmic transparency. Ability to get someone smart on the phone FAST at the vendor, without going through gatekeepers. Confidence levels (statistical validity).

2016-03-17T05:28:21Z
Find out what your peers are saying about Darktrace, GFI, Vectra AI and others in Intrusion Detection and Prevention Software. Updated: January 2021.
455,164 professionals have used our research since 2012.