Managed Intrusion Detection and Prevention

An Intrusion Detection and Prevention System (IPS) is an effective tool for detecting malware and network abuse that originates and spreads across the internal and WAN networks. The effectiveness of this technology is strongly dependent upon the initial configuration of the hardware and regular tuning of rule-sets.

False positives and irregular updates of software and signatures may lead to the IPS appliances ignoring malware and dropping legitimate traffic. Large numbers of false positives may also slow down staff reaction time to legitimate threats, or encourage engineers to ignore the threats altogether.

Additionally, administrators have to possess a deep knowledge of networking protocols to effectively distinguish between false positives and legitimate threats.

NetSieben offers 24x7 monitoring and management of IPS, providing real-time responses to potential threats. NetSieben takes responsibility for proactively reducing false positives by regularly tuning the rule-sets and applying new signature updates. Updates are executed remotely, bypassing the need for customer intervention, and, if required, can be performed during scheduled maintenance windows.

NetSieben utilizes an integrated ticketing system that tracks the progress of every issue, automatically ensuring the agreed SLA escalation process is followed. Below is an example of NetSieben's response to IPS events:

  • For every event classified as of "Critical Severity" and permitted to pass by the current rule-sets, a ticket is automatically created in the NetSieben ticketing system. NetSieben responds to such an event within 10 minutes. NetSieben engineers work with the Customer's engineers to determine if the attack is a false positive. Exempt rules are created for false positives. If the attack is determined to be a real threat, appropriate actions are taken starting with the creation of a drop rule for the attack, and ending with the Customer being provided with the raw log evidence.

  • Attacks which are classified as of "Major Severity" and permitted to pass by the current rule-sets are examined daily by NetSieben engineers. False positives are determined with assistance from the Customer. Exempt rules are then created for all false positives.

  • Attacks classified as of "Minor Severity" or below are examined once a week and exempt rules are then created for all the false positives.

Customers also receive weekly reports outlining the prevented attacks, abnormal network usage, changes to the rule-sets and network usage deviations from the Company's policies.

The solution is based on the Juniper Networks IDP or Reflex Security IPS platforms.

For more information or pricing, please call us at (303) 543-0300 or fill out this secure form.

   
©2006 NetSieben Technologies Inc. All Rights Reserved.