In simple terms, IDS may be perfectly suited for monitoring network attacks and for alerting administrators to emerging threats.
But its limitations in speed, performance, and passive operation have opened the door for IPS to challenge it as the proactive
defense weapon of choice.
Hampered by a lack of processing power and by generic attack profiles, IDS has at times been dogged by inconsistency and mixed
performance. Unlike IDS, which is equipped with probes and scanning arms, IPS claims the role of a “traffic cop”: an active
element of the network infrastructure that deflects or drops malicious packets and shapes traffic flows based on priority
and possible attacks.
By creating policy-based security zones, IPS can either turn away malicious traffic such as viruses, worms, Trojans, and blended
attacks, or “lock it up” for later inspection. Security experts are beating the drum that letting good traffic pass -- even if
it is flagged -- is just as crucial as turning away bad traffic.
Responding to that call, a number of companies with a variety of techniques are attempting to navigate the IPS maelstrom.
Host-based IPS players, including Entercept Security Technologies and Okena -- recently purchased by Cisco -- implement software
that sits on the server to defend OS platforms and applications from incoming attacks. In its host-based form, IPS relies heavily
on behavioral rules and signatures, depending on the nature of the threat.
In addition, host-based IPS, such as Entercept’s offering, allows users to add specific, targeted exceptions directly to
policies, which results in fewer configuration headaches.
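The zone policies, the drop/quarantine/alert-and-pass verdicts, and the targeted per-host exceptions described in the two paragraphs above, modelled as a small in-line verdict engine. This is an added illustration, not code from the article or from any vendor named in it; the zone names, IP addresses, signature names and severity scale are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_zone: str
    dst_zone: str
    signature: Optional[str]  # name of the matched attack signature, None if clean
    severity: int             # 0 = no match, 1 = low, 2 = medium, 3 = high (constructed scale)

# Policy per (source zone, destination zone): the severity at which traffic is dropped
# outright and the severity at which it is quarantined for later inspection. Flagged
# traffic below both thresholds still passes, but raises an alert.
ZONE_POLICY = {
    ("internet", "dmz"):      {"drop_at": 3, "quarantine_at": 2},
    ("internet", "internal"): {"drop_at": 1, "quarantine_at": 1},  # nothing flagged gets in
    ("internal", "dmz"):      {"drop_at": 3, "quarantine_at": 3},
}
FAIL_CLOSED = {"drop_at": 1, "quarantine_at": 1}  # unknown zone pair: drop anything flagged

# Targeted exceptions: (signature, src_ip, dst_ip) triples known to be false positives,
# so a specific flow is exempted without loosening the whole policy.
EXCEPTIONS = {
    ("HTTP_LONG_URI", "10.0.1.5", "192.0.2.10"),
}

def verdict(pkt: Packet, inline: bool = True) -> str:
    """Return 'pass', 'alert', 'quarantine' or 'drop' for one packet.

    inline=False models a passive IDS sensor: it can only alert, never block.
    """
    if pkt.signature is None:
        return "pass"
    if (pkt.signature, pkt.src_ip, pkt.dst_ip) in EXCEPTIONS:
        return "pass"  # targeted exception: known-good traffic is not lost
    if not inline:
        return "alert"  # IDS has no enforcement point, so the packet already went by
    policy = ZONE_POLICY.get((pkt.src_zone, pkt.dst_zone), FAIL_CLOSED)
    if pkt.severity >= policy["drop_at"]:
        return "drop"
    if pkt.severity >= policy["quarantine_at"]:
        return "quarantine"
    return "alert"  # flagged but below threshold: let it through and log it

if __name__ == "__main__":
    p = Packet("198.51.100.7", "192.0.2.10", "internet", "dmz", "SQL_INJECT_ATTEMPT", 3)
    print(verdict(p), verdict(p, inline=False))  # drop alert
```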
Network-based IPS takes a different tack. Whereas host-based IPS typically off-loads traffic for later analysis, network-based
IPS sits in-line and inspects content in a process much closer to real time. Network-based IPS companies include TippingPoint,
Top Layer Networks, and IntruVert.
Lastly, big-name firewall and VPN vendors have also shown a definite interest in IPS, through acquisitions or by adding
signatures for protocol anomalies to their products. Cisco, for example, purchased Okena and Psionic Software, and
NetScreen Technologies’ ASIC-based appliance benefits from technology acquired with OneSecure, a former managed security
services and IPS vendor.
Although its software-based makeup could limit it in the IPS arena, Check Point is determined to make its mark on the segment
as well. Last year the company introduced SmartDefense, which provides intrusion protection at both the network and application
levels. Moving further from a traditional firewall, SmartDefense also offers the latest signature updates on a subscription basis.