<div>
If we choose NGFW, the current McAfee roadmap will be affected, as an NGFW vendor needs to be involved to integrate the NGFW with TIE<br />
(Mcafee's Threat Intelligence Exchange)
</div>


If we choose NGFW, the current McAfee roadmap will be affected, as an NGFW vendor needs to be involved to integrate the NGFW with TIE
(Mcafee's Threat Intelligence Exchange)

<div>
<div class="content wysiwyg-content">
Our current McAfee NIDS is going to be EOSL soon so we're considering<br />
whether to upgrade to Intel McAfee's &nbsp; Threat Defense Lifecycle or<br />
dedicated NIDS or integrate NIDS function into our existing Checkpoint<br />
NGFW firewall? &nbsp; <br />
<br />
It's a perimeter NIDS (not internal network NIDS)<br />
<br />
Kindly assess in terms of<br />
a) performance : with dedicated NIDS, it won't affect firewall's performance?<br />
b) however, dedicated NIDS, need an extra console? &nbsp;Lack's integration with<br />
&nbsp; &nbsp; &nbsp;firewall (to block bad/malicious source IP ??) ?<br />
c) &nbsp;any other ... &nbsp;??<br />
<br />
I see a trend by vendors coming out with unified products from Cisco,<br />
Sophos, so does this mean this is the way to go ?
</div>
</div>


Our current McAfee NIDS is going to be EOSL soon so we're considering
whether to upgrade to Intel McAfee's   Threat Defense Lifecycle or
dedicated NIDS or integrate NIDS function into our existing Checkpoint
NGFW firewall?   

It's a perimeter NIDS (not internal network NIDS)

Kindly assess in terms of
a) performance : with dedicated NIDS, it won't affect firewall's performance?
b) however, dedicated NIDS, need an extra console?  Lack's integration with
     firewall (to block bad/malicious source IP ??) ?
c)  any other ...  ??

I see a trend by vendors coming out with unified products from Cisco,
Sophos, so does this mean this is the way to go ?

Unified Integrated Firewall+NIDS (NGFW) or dedicated NIDS

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.