FOR - Ron Smith, director ofproduct marketing, Configuresoft
While applauding the recent advances in IP technology, the fact remains that it reacts once attacked. Since this response follows a network attack, intrusion prevention technology will never be the silver bullet, but rather another layer of tools in your defense against security threats. Analysts report that up to 90 percent of all security breaches are due to misconfigured networks.
An IP technology might monitor network traffic, but doesn't have a clear understanding of how its network is configured or any context about the systems it is trying to protect. It must enforce network security policy by managing and reducing exposure to attacks in the first place. In this age of blended threats, organizations need something more than a point product. They are constantly in a state of flux, and network configurations can easily diverge from the expected or desired state. When an IP technology can address the broader issues of both internal and external security threats, and adopt a proactive compliance strategy, only then might it begin to deliver on its promise.
AGAINST - Brian O'Higgins, CTO, Third Brigade
As security threats continue to evolve, with targeted attacks now the most damaging IT threat to enterprises, intrusion prevention is a necessary part of an overall security strategy.
IDS solutions are like motion detectors, they go off, but by the time you can respond, the damage has been done.
IPS is a proactive approach implemented inline. Rather than just monitoring and logging events, an IPS drops the attack traffic, and lets the good traffic through.
IDSs are typically tuned to be aggressive in looking for attacks, which means a lot of false alarms, but modern IPSs can operate at very accurate levels. They don't rely on signature updates of attacks, they also use deterministic, rules-based techniques to protect against vulnerabilities themselves, not just the data patterns of known attacks.
When IPS is implemented at or on the host, the tuning can be even more precise. Policy can be enforced more accurately at this granular level, instead of a general level for the entire network, resulting in highly effective protection.