I found the feature on intrusion prevention systems in last month's issue ("Intruding on the bottom line", p30) very interesting.
It highlighted a common misconception concerning this key security technology. What users often fail to understand is that an IPS is a complementary technology to a firewall, not a replacement for it.
Because an IPS can block attacks and offers limited firewall functionality, there is a mistaken belief that it can be used in place of a firewall. But the role of an enterprise firewall is much broader than that. Equally, a firewall does not provide the functionality of an IPS: it cannot necessarily detect and prevent the attacks that a specialist IPS can.
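To make the division of labour concrete, here is an added example (not from the letter or from Stonesoft) that runs a toy header-only packet filter and a toy signature IPS over three constructed packets. The allowed services, the signature patterns and the packets are all assumptions made for the illustration; they are not a real rule base or vendor signatures.

```python
"""Toy firewall and toy signature IPS in series.

Added example, not from the original letter. Everything below (allowed
services, signatures, packets) is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Packet:
    """One packet as both controls would see it (constructed, not captured)."""
    proto: str
    dst_port: int
    payload: bytes = b""


# Firewall policy: stateless header filtering, default deny. The services are
# an assumption for the example, not a real site's rule base.
FIREWALL_ALLOWED_SERVICES = {("tcp", 80), ("tcp", 443), ("tcp", 25)}


def firewall_decision(pkt: Packet) -> str:
    """A packet-filtering firewall decides on protocol and port only.

    It never looks at the payload, so an attack carried inside a permitted
    service (for example HTTP on tcp/80) is invisible to it.
    """
    allowed = (pkt.proto, pkt.dst_port) in FIREWALL_ALLOWED_SERVICES
    return "ALLOW" if allowed else "DROP"


# IPS content signatures: byte patterns searched for in the payload. These are
# made-up patterns for the example, not any vendor's rule set.
IPS_SIGNATURES: Dict[str, bytes] = {
    "http-path-traversal": b"../../",
    "sql-union-injection": b"UNION SELECT",
    "shell-in-uri": b"|/bin/sh",
}


def ips_decision(pkt: Packet) -> Tuple[str, List[str]]:
    """A signature IPS inspects content and blocks on a match.

    It has no notion of which services policy permits: a connection to a port
    the business never meant to expose passes if its payload looks benign.
    """
    hits = [name for name, pat in IPS_SIGNATURES.items() if pat in pkt.payload]
    return ("BLOCK", hits) if hits else ("PASS", [])


def inline_verdict(pkt: Packet) -> dict:
    """Firewall first, then the IPS on whatever the firewall let through."""
    if firewall_decision(pkt) == "DROP":
        return {"verdict": "DROP", "by": "firewall", "signatures": []}
    ips, hits = ips_decision(pkt)
    if ips == "BLOCK":
        return {"verdict": "DROP", "by": "ips", "signatures": hits}
    return {"verdict": "ALLOW", "by": None, "signatures": []}


def compare_controls(pkt: Packet) -> dict:
    """What each control alone would do, beside the combined result."""
    return {
        "firewall_only": firewall_decision(pkt),
        "ips_only": ips_decision(pkt)[0],
        "combined": inline_verdict(pkt)["verdict"],
    }


# Constructed traffic: a benign web request, a web request carrying a
# directory-traversal attempt, and a telnet probe to a port policy forbids.
SAMPLE_TRAFFIC = {
    "web-benign": Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    "web-attack": Packet("tcp", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n\r\n"),
    "telnet-probe": Packet("tcp", 23, b"\xff\xfb\x01"),  # telnet option negotiation
}


if __name__ == "__main__":
    for name, pkt in SAMPLE_TRAFFIC.items():
        print(f"{name:13s} {compare_controls(pkt)}")
```

The traversal request is allowed by the firewall on its own and the telnet probe is passed by the IPS on its own; only the two in series drop both. The per-packet substring match is deliberately simplistic: a real IPS reassembles streams and normalises encodings (an attacker writing `%2e%2e/` would slip past the pattern above), which is one reason the technology needs tuning and operators rather than a fit-and-forget deployment.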
One reason IPS implementations have sometimes failed is that the purpose, capabilities and limitations of the technology were not fully understood in advance. This is often seen when an IPS is misguidedly deployed at an internet gateway as a hacker-prevention tool in its own right. Nor is an IPS likely to work successfully without human intervention.
An IPS produces a large volume of information about network activity, which needs a capable management system to handle. If that critical component is missing, the IPS will not be as effective as it could be. And without a good quality firewall in place, an IPS will not fill the gaps a firewall is there to close.
Paul Brettle, UK and Ireland country manager, Stonesoft.