The previous chapter described all the preliminary steps that need to be taken in order to deploy an intrusion detection infrastructure. Now it is time to consider various aspects that are directly related to purchasing an IDS and bringing it into operation.
Implementing an IDS is not as easy a task as it might seem at first glance. It requires an approach similar to the one used in deploying and implementing Enterprise Resource Planning (ERP) or Customer Pelationship Management (CRM) systems. This means that this task must be considered separately, as a special project that has its own life cycle (Fig. 8.1).
Fig. 8.1. The life cycle of the IDS deployment project
Obviously, the time it takes to bring an intrusion detection system into operation will differ for different customers. In the next chapter, I will concentrate on IDS evaluation criteria and describe the main categories of customers. For the moment, however, I'd like to just provide a table outlining the approximate time it should take to implement specific steps of this project (Table 8.1).
Small business | Average and large companies | International companies | Service providers | Outsourcers | |
---|---|---|---|---|---|
| |||||
Planning | 1/3 | 2/3 | 12/6 | 6/6 | - |
Choosing the manufacturer | 1/1 | 1/1,5 | 1/2 | 1/1 | - |
Testing | 1/1 | 1/2 | 1/3 | 1/3 | - |
Pilot project | - | 1/2 | 2/3 | 2/3 | - |
Purchasing | 0.5/1 | 1/3 | 6/6 | 6/3 | - |
Placement | 0.5/1 | 2/3 | 12/12 | 3/6 | 6/9 |
Operation | 3/- | 6/- | 48/- | 24/- | 24/- |
Maintenance and support | 1/- | 3/- | 6/- | 6/- | 3/- |