Security configuration management in intrusion detection and prevention systems

This paper aims to study the impact of security enforcement levels on the performance and usability of an enterprise information system. We develop a new analytical model to investigate the relationship between the Intrusion Detection and Prevention System performance and the rules mode selection. In particular, we analyze the IDPS rule-checking process along with its consequent action on the resulting security of the network and on the average service time per event. Simulation was conducted to validate our performance analysis study. The results demonstrate that it is desirable to strike a balance between system security and network performance.