IPS grows up
IPS grows up
The evergreen IPS has evolved, but some experts dispute whether new features are enough for today's attacks, reports Fahmida Y. Rashid.
While talking to some customers, Dan Holden, director of ASERT (Arbor Security Engineering and Response Team), a division of Chelmsford, Mass.-based Arbor Networks, noticed a “fundamental” shift in how they were looking at security.
These organizations, Holden found, weren't planning out projects to deploy anti-virus, firewall or intrusion prevention systems throughout the enterprise. Rather, they had projects addressing specific problems, such as botnets, distributed denial-of-service attacks (DDoS) and advanced persistent threats (APTs).
Customers were asking, “Can you help us solve these problems?,” and were not asking what products they should be buying. The realization was an “ah ha” moment for him. The threat landscape was driving the conversation on how to defend the network, which is a departure from the past, when administrators typically first deployed the security technology and then figured out how to block the attacks, Holden says.
The average network has grown exponentially over the past few years – with many people having more than one internet-connected device and spending more time online for both work and personal use. Having insight into what is entering and leaving the network is critical, and the ability to block malicious traffic from coming in is paramount. But specialized systems and advanced network security technologies have hit the market in recent years, there is no reason for organizations to abandon mainstay solutions, such as intrusion prevention systems, experts say.
“Defense-in-depth doesn't mean buy the best everything in the market,” Holden says.
Traditionally, organizations bought IPS and deployed the technology as the first line of defense outside the network perimeter and the firewall, says Pierluigi Stella, CTO of Network Box, a Houston-based computer security systems provider. All traffic first had to pass through the IPS and then the firewall, before reaching individual systems inside the network. The IPS was designed to be fast and lightweight in order to scan, identify and block malicious packets without slowing down network performance, Stella says.
And, as the network expands and evolves, basic security measures should remain the same. “I still have a strong door to keep people out [of my house], even though I have an alarm system and a camera,” Stella says.