Intrusion Prevention (IPS) capability is the ability to monitor network and server traffic in order to identify potential illicit activities based on pre-identified patterns. Illicit activities refer to the possible incursions and attacks on your infrastructure that may result in system compromise or denial of service conditions. The advent of IPS technology now allows you to proactively block malicious traffic. You need to understand you environment, applications and traffic flows to be able to determine what can be blocked. This is a highly intensive time consuming exercise which requires the experience and expertise of the Cyberklix team. The Cyberklix service is technology agnostic and supports all leading manufacturers including McAfee, ISS, Cisco and Symantec.

Cyberklix will assess, design and implement the required monitoring infrastructure appropriate for your environment. On an ongoing basis Cyberklix will monitor the output from the sensors, analyze and forward alerts in a timely fashion and provide regular reporting. Cyberklix will also help define an incident response process and provide technical resources to help resolve or recover from major incidents, as determined by each client’s specific requirements and processes.

Business Benefits

Cyberklix has identified the following reasons why such a service would be of value:

• We buffer the client from the complexity and labour intensive effort to install and use IPS, which is an essential component of any security infrastructure. 
• We ensure effective installation by providing robust procedures and effective filters. 
• We provide 7/24 monitoring from our Mississauga security operations centre.
• Out tasking provides access to shared expertise and monitoring capability thereby reducing costs and enhancing the security posture of the organization.
• Cyberklix will help define and implement effective incident response processes.

Service Description

Our IPS service includes the following:

• Work with you to determine requirements based on risks and current environment .
• Design the IPS configuration.
• Implement using existing hardware and IPS software or work with you to evaluate and select the best fit IPS software and hardware.
• Document IPS operational activities and procedures.
• Work with your staff to optimize filters to minimize “noise” and false positives.
• Work with you to define alert levels and corresponding response and escalation procedures.
• Monitor the ongoing environment and forward alerts in a timely fashion after initial Cyberklix assessment.
• Provide regular reporting both technical staff and management.
• Maintain IPS software for patches and release management as agreed with client.

Engagement Activities

The following steps reflect a typical engagement cycle:

• Meet with you to understand IPS requirements and current environment.
• Prepare and present Cyberklix IPS proposal.
• Finalize service level commitments and implementation project timeline and resource requirements.
• Implement IPS system and commence monitoring and reporting process.