x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF

Technical Support

Need help?

 

How can I optimize the performance of IPS?

Information applies to:

Products
Panda GateDefender Integra 100
Panda GateDefender Integra 300

The factors that most influence the performance of any IPS system, apart from the technical characteristics of the devices, are the bandwidth that must be inspected and the number of rules configured in the network to combat attacks. These external factors could overload an IPS. As a result, packets could be lost (dropped).

To avoid this problem, the security administrator must be proactive, especially in the initial setup phases of the system.

Generally, before configuring an IPS in SMBs or enterprises, it is recommendable to ensure that the rules conform to the security policies. To do this, security administrators must work together with the systems administrator, network and applications administrator and database administrator.

 

Considerations prior to optimizing performance

  • External factors that determine the rules to use: All existing rules, only the rules that correspond to the system or an intermediate configuration can be used.

    It is not logical to enable rules for attacks that target services that are not available in the servers.

    For example, if Oracle databases are not installed in the environment, enabling IPS rules that block intruders in Oracle will only increase the workload of the IPS engine. What’s more, it will be an additional load on the memory and CPU resources assigned to process the packets, without offering any benefits.

    For these reasons, a general strategy when starting to configure the IPS is to reduce the number of rules enabled, so that only attacks that can affect your environment are monitored. Including all the rules will result in unnecessary and inefficient use of resources.
  • The global configuration variables are used to improve the performance of the IPS system, thereby reducing false positives. A false positive is when the IPS engine detects an attack that is not really an attack. For each type of network, server or service, it is possible to include the IP addresses considered necessary and which will not be included in the list of intrusions, reducing the number of false positives.
  • High availability combines various devices in a cluster, ensuring availability of services, even in the event of hardware or software failure. High availability is completely transparent to the user and does not require any modifications to the client routing table, as in practice, the user will see it as a single device. For more information about high availability, click here.

 

Additional information

Click here for more information about the cluster.

Help nº- 20070702 31464 EN

Have you resolved your query with this article?

yes no

Thanks for your answer


Why didn't you find it helpful?


The instructions are too complex.
The instructions are too long.
The instructions don't work.
I'd rather have a video.
Other reasons.




Talk to a technician!

 

Business hours: Mondays-Fridays 9:00 to 18:00 CET

Outside business hours, please use the online form.





Do you need one of our technicians to connect to
your PC or device remotely to fix a problem?

Discover our Premium Services

ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT
ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT