pilot_4
August 28, 1998
Intrusion Detection Pilot Program Guide
1
Intrusion Detection Pilot Program Guide
Introduction & Scope
Because of their advanced functionality and feature sets, network-based intrusion detection
products are often difficult for customers to evaluate. A framework for comparing products with
a robust and consistent set of criteria is, therefore, useful to potential customers of intrusion
detection systems.
This document describes a process by which you can evaluate network-based intrusion detection
products. It will help you ask the right questions when evaluating, help you understand how best
to explore the product candidates, and help you make a buying decision.
A typical evaluation process consists of three phases:
Phase 1: Requirements Definition. Deciding whats important to you.
Phase 2: Product Evaluation. Selecting the right product to meet your needs.
Phase 3: Successful Deployment. Deploying the solution in your organization effectively.
At each stage of the evaluation process, we recommend being assisted by the vendor of the
intrusion detection product to ensure that you get an accurate assessment of the products
capabilities.
Through the structured approach provided by this document, you will be able to identify your
needs, objectively evaluate LAN-based intrusion detection products, select the right product, and
implement it successfully in your organization.