I. Understand that deploying and implementing an IDPS is often not always a straightforward task. The strategy for deploying an IDPS should consider several factors, the foremost being how the IDPS will be managed and where it should be placed.
II. Review the NIST SP 800-94 Rev. 1 recommendation for implementation of an IDPS. In summary:
• All components should be secured appropriately as they are a prime target for attackers.
• Consider multiple types of IDPS technologies to achieve more comprehensive and accurate detection while preventing malicious activities from taking place.
• Organizations that plan to use multiple types of IDPS technologies or multiple products of the same IDPS technology type should consider whether the IDPSs should be integrated.
• Requirements should be defined before evaluating IDPS products.
• When evaluating IDPS products, organizations should consider using a combination of data sources to evaluate the products’ characteristics and capabilities.