Tuning and Deployment
Placing sensors and cutting noise.
Placement Is Everything
A sensor only sees the traffic that reaches it. Where you place IDS/IPS sensors determines what you can detect, so sensor placement is the first deployment decision.
Plan placement around your network's chokepoints and trust boundaries: the internet perimeter, the boundaries between security zones, the path in front of crown-jewel assets, and the egress points where exfiltrated data would leave the network.
North-South vs East-West
Two traffic axes need monitoring:
- North-south — traffic crossing the perimeter (to and from the internet). Classic perimeter sensors cover this.
- East-west — traffic between internal hosts. This is where lateral movement happens, and it is often unmonitored.
Attackers who land inside move east-west. A perimeter-only deployment is blind to them, so internal taps and segment sensors are essential for modern detection.
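To make the coverage gap concrete, the following added example (not part of the original page) classifies a handful of constructed flow records as north-south or east-west and checks which of two hypothetical sensor placements, a perimeter sensor and a users-to-servers segment tap, would observe each flow. The zone addressing, sensor names and flows are all assumptions built for the example.

```python
"""Classify constructed flows by traffic axis and test sensor coverage."""
from ipaddress import ip_address, ip_network

# Constructed security zones (hypothetical addressing for this example).
ZONES = {
    "dmz": ip_network("10.1.0.0/24"),
    "users": ip_network("10.2.0.0/24"),
    "servers": ip_network("10.3.0.0/24"),
}

def zone_of(ip):
    """Zone name for an address, or 'internet' if it falls in no internal zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def axis(src, dst):
    """north-south if exactly one endpoint is outside, east-west if both are inside."""
    outside = (zone_of(src) == "internet") + (zone_of(dst) == "internet")
    return {0: "east-west", 1: "north-south", 2: "external"}[outside]

# A sensor sits between two groups of zones and only sees flows crossing them.
PERIMETER = ({"internet"}, set(ZONES))          # internet <-> any internal zone
USERS_SERVERS_TAP = ({"users"}, {"servers"})    # users LAN <-> server zone

def sees(sensor, src, dst):
    """True if the flow crosses the boundary this sensor is placed on."""
    side_a, side_b = sensor
    zs, zd = zone_of(src), zone_of(dst)
    return (zs in side_a and zd in side_b) or (zs in side_b and zd in side_a)

def unmonitored(flows, sensors):
    """Flows that no sensor in the deployment observes."""
    return [f for f in flows if not any(sees(s, f[0], f[1]) for s in sensors)]

# Constructed flow records: (src, dst, description).
FLOWS = [
    ("198.51.100.7", "10.1.0.5", "inbound to DMZ web server"),
    ("10.2.0.21", "203.0.113.9", "outbound from a user workstation"),
    ("10.2.0.21", "10.3.0.8", "workstation to file server (lateral)"),
    ("10.1.0.5", "10.3.0.8", "DMZ host to internal server (pivot)"),
]

if __name__ == "__main__":
    for src, dst, note in FLOWS:
        print(f"{axis(src, dst):12} {note}")
    print("perimeter only misses:", [f[2] for f in unmonitored(FLOWS, [PERIMETER])])
    print("with segment tap misses:", [f[2] for f in unmonitored(FLOWS, [PERIMETER, USERS_SERVERS_TAP])])
```

Note that adding one internal tap still leaves the DMZ-to-servers path unmonitored: each east-west boundary you care about needs its own sensor or tap.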