IDS/IPS implementation phase 3. Open source vs proprietary

The previous part, "Throughput Metering", was described here.

Using those calculations we can define which solution is appropriate for a given network segment with its bandwidth requirements. Then we must decide whether to implement a proprietary solution or an open source one. A commercial product must satisfy the functional requirements, and its weighted score also includes such parameters as the solution price and the level, conditions and cost of technical support. We also need to decide what form to use: a hardware appliance, a software product or a virtual appliance. In the case of software or a VM we must budget additional money for the hardware resources consumed by the solution. In the case of hardware it is important to understand the government import/export policy and the vendor's ability to replace a faulty device within the SLA-defined terms.

An open source solution is sensitive to such factors as:
- hardware price;
- qualified staff.
The last point is critical for a proprietary solution implementation too. Even if you prefer to use outsourced specialists for IDS/IPS implementation and operation, you must supervise them, and the outsourcing team leader/coordinator must be an expert in this field. If you implement an open source solution you must have staff with strong UNIX and programming skills.
Under budget deficit conditions the solution cost may play a critical role, so a comparison of proprietary and open source solutions is provided below.

Proprietary solutions
Advantages:
- Vendor's guarantee;
- Technical support and updates;
- SLA;
- «Native», easily integrated management and monitoring systems for IDS/IPS;
- Basic adaptation to customer needs;
- No need to have a software development unit on the staff.
Disadvantages:
- High price;
- Low flexibility when adaptation to customer requirements is needed;
- Low flexibility when a vendor swap is needed; problems with data migration between different vendors.
Table 1. Advantages and disadvantages of a proprietary solution.

As we can see in Table 1, the customer gets the vendor's guarantee, the ability to upgrade and a technical support SLA.
Not needing internal development staff is good from a financial point of view, but commercial vendors' solutions usually cannot be adapted to the customer's requirements 100%, or full customization may increase the solution price. One more problem is a vendor swap, if it becomes necessary. It may be caused by a lack of scalability or another reason. If an infrastructure segment built on vendor 1 may need to be extended, it is necessary to foresee standard open interfaces on it. If the vendor swap requires data migration, data conversion is necessary too, and it may require additional time and money.

Open source software
Advantages:
- Low price;
- No hardware vendor lock-in;
- High flexibility for customization needs.
Disadvantages:
- Development staff needed, or acceptance of the risk of their absence;
- Hardware purchase needed;
- Guarantees, responsibility and SLA are all in one company.
Table 2. Open source software advantages and disadvantages.

Table 2 contains the benefits and drawbacks of open source software. In spite of the low software price, its implementation cost also includes the hardware purchased additionally. But the main advantage of such a decision is a hardware vendor-free solution. High flexibility, full adaptation to business requirements and operability support are provided by internal development and engineering staff, which needs additional financial resources. All guarantees, responsibilities and SLA are in one company. If no profiled technicians are available, either the software unreliability risk must be accepted or a minimization strategy must be defined.
In total, the most preferable option is to use a certified, vendor-supported solution in corporate infrastructure if this solution is business critical or your company provides a service based on it. Open source software is more appropriate as additional software for non-critical systems when the enterprise has no developers.
In the case of information security infrastructure, the monitoring and management systems designed by vendors are "native" for IDS/IPS event collection, and guaranteed packet delivery is present. The data transferred is also encrypted. But in spite of such functionality, some systems cannot detect such IDS health indicators as SPAN session load average and critical deviation. This usually requires configuration of third-party systems.
The main IDS/IPS operating and management systems must provide secure and reliable interconnection of components for event and configuration management. Open source solutions may be useful as additional monitoring systems for CPU/interface load, SPAN session load average and critical deviation detection, hardware problem indication, etc.
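As an added example (not part of the original post), a small Python monitor of the kind described above: it turns byte-counter readings from a sensor's SPAN-destination interface into Mbit/s, keeps a load average over a sliding window, and flags a dead mirror session, throughput above the IPS's rated capacity, and a critical deviation from the average. The SAMPLES data, the thresholds and the finding labels are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

# Constructed sample: (seconds, rx_bytes) readings of the cumulative byte counter
# on the IDS sensor's SPAN-destination interface, polled every 60 s (the kind of
# value an SNMP ifHCInOctets poll returns). It contains a load drop, a burst
# above the rated throughput, a dead mirror session and a counter reset.
SAMPLES = [
    (0, 10_000_000_000), (60, 11_500_000_000), (120, 13_075_000_000),
    (180, 14_537_500_000), (240, 16_075_000_000), (300, 17_575_000_000),
    (360, 18_475_000_000), (420, 21_475_000_000), (480, 21_475_000_000),
    (540, 1_200_000_000), (600, 2_700_000_000),
]

def throughput_mbps(samples):
    """Turn cumulative byte counters into (interval_end_s, Mbit/s) values.
    An interval whose counter went backwards (wrap or device reset) is
    skipped instead of being reported as a bogus negative rate."""
    rates = []
    for (t0, b0), (t1, b1) in zip(samples, samples[1:]):
        if t1 <= t0 or b1 < b0:
            continue
        rates.append((t1, (b1 - b0) * 8 / ((t1 - t0) * 1e6)))
    return rates

@dataclass
class SpanPolicy:
    rated_mbps: float            # throughput the IPS was sized/licensed for
    window: int = 5              # intervals in the load average
    max_deviation: float = 0.30  # fraction of the average counted as critical
    min_mbps: float = 1.0        # below this the SPAN session is treated as down

def assess(rates, policy):
    """Compare each interval with the load average of the preceding window.
    Returns (interval_end_s, mbps, finding) for every interval that needs
    attention; the first `window` intervals are warm-up and never flagged."""
    findings = []
    for i in range(policy.window, len(rates)):
        t, mbps = rates[i]
        avg = mean(r for _, r in rates[i - policy.window:i])
        if mbps < policy.min_mbps:
            findings.append((t, mbps, "span-session-down"))
        elif mbps > policy.rated_mbps:
            findings.append((t, mbps, "over-rated-throughput"))
        elif avg > 0 and abs(mbps - avg) / avg > policy.max_deviation:
            findings.append((t, mbps, "critical-deviation"))
    return findings

if __name__ == "__main__":
    for t, mbps, what in assess(throughput_mbps(SAMPLES), SpanPolicy(rated_mbps=300)):
        print(f"t={t:>4}s {mbps:7.1f} Mbit/s  {what}")
```

In a real deployment the sample list would be fed from periodic polling and the findings forwarded to the monitoring system that the vendor's console does not cover.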


Андрей Дугин

Практическая информационная безопасность и защита информации | Information Security and Cyber Defense in Deed