
We have a client web application running in Azure Kubernetes. There was an optional requirement to implement IPS for the application. It was considered optional, because the application that we are using is not of a complex network architecture. And apart from that we have Cloudflare in place which we think might do the work to protect the web application.

We tried to contact a couple of vendors for the same and somehow they weren't responding to our emails. The major factors in this scenario are the cost and implementation difficulties for us.

We look forward to intrusion prevention in network level. We are out of UK and US so there is no GDPR, and specifically there are no strict compliance standards to follow. We wouldn't require an SIEM module since it is a lite application.

So, basically I have the below queries in general.

  1. What is the cost range of a typical IPS solution? Let's say, in our case it's just a medium sized web application hosted in Kubernetes under Azure. How much does an IPS cost for this? I don't want an exact figure, because I know it depends on various factors. A broad range is fine.

  2. What is the implementation complexity? We had security in place from around 70% of the total completion of the project and the last sprint is dedicated for security. We have a 2 member devops team in place. Neither has previous experience in IPS implementation. But they have experience in implementing organization level firewall and web application firewall such as Cloudflare (just to mention where our knowledge stands on IPS implementation). Can this be set up without much hassle? For example within a week of time for this small infrastructure?

    We are into our final sprint and don't have too much time to spend. So we need to get into a decision between security-cost-time.

Anonymous Platypus
  • The cost would depend on the size of your infrastructure but the general cost of IPS for a CISCO ASA is around 1k Eur / year with AMP included. – Overmind Nov 21 '19 at 08:25
  • @Overmind What about the implementation complexity? And do you think it is necessary to have an IPS over Cloudflare for the application mentioned above? What is your suggestion? – Anonymous Platypus Nov 21 '19 at 08:51
  • @AnonymousPlatypus: The question is too broad. It is unclear what the actual risks in terms of possible vulnerabilities and attack surface are and what the costs of potential loss of business, legal costs (like with GDPR) etc are. It is thus unclear what the actual requirements for the IPS are - there is no "one size fits all requirements and is also cheap" solution. And it is unclear what your knowledge is and thus nothing can be said about the implementation complexity: what can be trivial for others might be too complex for you. – Steffen Ullrich Nov 21 '19 at 09:25
  • @AnonymousPlatypus: *"We are into our final sprint and don't have too much time to spend."* - this suggests that security is an afterthought in your development and that you hope to fix all the vulnerabilities you might have but don't know with some IPS in front of it. Only, an IPS will likely not help here as much as you expect. – Steffen Ullrich Nov 21 '19 at 09:28
  • @SteffenUllrich Thank you for the comments. I have edited the question to add more clarity. Could you please check now? – Anonymous Platypus Nov 21 '19 at 11:14
  • @AnonymousPlatypus: It's better but I still find it too unspecific. What exactly do you want to use an IPS for if you already use the Cloudflare WAF, i.e. what risks do you see which you don't find addressed by the WAF but which you think an IPS can handle? Or do you just want to have the IPS checkbox ticked? – Steffen Ullrich Nov 21 '19 at 11:26
  • @SteffenUllrich This is where I too need an answer. I only know that an IPS can protect against certain network level attacks such as IP fragmentation attack. I don't know how much those network level attacks pose a risk on the application in this case. So we need to reach a decision on whether it is really worth spending time and money on this. I understand IPS has a purpose, but when Cloudflare is already in place is IPS really necessary? If the pricing and implementation complexity is not too much, then we would definitely go for it. – Anonymous Platypus Nov 21 '19 at 11:33
  • @AnonymousPlatypus: There is a range of capabilities an IPS might or might not offer, depending on the IPS. But IP fragmentation for example is not even a problem if you are fully behind a WAF. *"medium sized web application hosted in Kubernetes under Azure"* does not really describe how good or bad the application is designed, what it does, what kind of data need to be protected etc. It is no wonder that *"somehow they weren't responding to our emails"* with this kind of unclear specification. It might be the best to get some local security expert who takes a look at your exact application. – Steffen Ullrich Nov 21 '19 at 11:44
  • @SteffenUllrich Ah, sounds a bit harsh. But that's definitely a worthy point for me. Let me do a little more research into this. Now, I know that my understanding on IPS was improper. I should do a little more searching, revise the email template and get back here. Thanks for the discussion. – Anonymous Platypus Nov 21 '19 at 11:52

0 Answers