SecurityWeek

The Evolving Role of Intrusion Prevention Systems

Threats to our networks are faster, smarter, more prevalent, more targeted, and more elusive than ever before. At the same time, the number and types of operating systems, applications and services running on the network continue to grow. Gaining visibility into different user types – remote, mobile, third-parties, and by job function – and accommodating their unique requirements adds even greater complexity when it comes to protecting our IT infrastructure.

Traditional Intrusion Prevention System (IPS) solutions have advanced in their ability to defend networks against a barrage of attacks. Strong IPS solutions ship with default policies and rules written to the vulnerability, not to a particular exploit, so that a single rule covers every attack that triggers the underlying flaw rather than one known payload. However, network security has continued to evolve, and so have the needs of security administrators and executives.
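To make the "written to the vulnerability, not the exploit" distinction concrete, here is an added example (not code from the column, and not any vendor's rule language) that expresses both styles of rule as plain Python predicates and runs them over constructed protocol messages. The toy line-based protocol, its `USER` command, the 64-byte buffer limit and the "known exploit" marker are all invented for this illustration.

```python
"""
Two detection rules for one hypothetical flaw, to show why a rule written
to the vulnerable condition keeps working when the exploit payload changes.

Constructed scenario (not a real protocol or product): the server copies the
argument of a "USER" command into a fixed 64-byte buffer. Any argument longer
than that triggers the flaw; one public exploit happens to pad with 0x90 bytes.
"""
from typing import List, Tuple

USER_BUFFER_SIZE = 64                  # assumed size of the vulnerable buffer
USER_PREFIX = b"USER "
KNOWN_EXPLOIT_MARKER = b"\x90\x90\x90\x90"  # assumed pattern from one known exploit


def exploit_rule(msg: bytes) -> bool:
    """Exploit-centric rule: fires only on the byte pattern of the known exploit.
    It says nothing about the vulnerable condition itself."""
    return msg.startswith(USER_PREFIX) and KNOWN_EXPLOIT_MARKER in msg


def vulnerability_rule(msg: bytes) -> bool:
    """Vulnerability-centric rule: fires whenever the condition that triggers
    the flaw (an over-long argument) is present, whatever the bytes are."""
    if not msg.startswith(USER_PREFIX):
        return False
    argument = msg[len(USER_PREFIX):].rstrip(b"\r\n")
    return len(argument) > USER_BUFFER_SIZE


def evaluate(messages: List[Tuple[str, bytes]]) -> List[Tuple[str, bool, bool]]:
    """Return (label, exploit_rule_fired, vulnerability_rule_fired) per message."""
    return [(label, exploit_rule(m), vulnerability_rule(m)) for label, m in messages]


# Constructed sample traffic: one benign login, the known exploit, a variant
# that reaches the same flaw with different padding, and a maximal legal value.
SAMPLE_TRAFFIC = [
    ("benign login", USER_PREFIX + b"alice\r\n"),
    ("known exploit", USER_PREFIX + b"\x90" * 70 + b"\r\n"),
    ("variant with different padding", USER_PREFIX + b"A" * 70 + b"\r\n"),
    ("long but within buffer", USER_PREFIX + b"B" * 64 + b"\r\n"),
]

if __name__ == "__main__":
    for label, exploit_hit, vuln_hit in evaluate(SAMPLE_TRAFFIC):
        print(f"{label:32s} exploit-rule={exploit_hit!s:5s} vulnerability-rule={vuln_hit}")
```

The exploit-centric rule is silent on the third message even though the server would be just as compromised; the vulnerability-centric rule catches both attack messages and stays quiet on the 64-byte value that the buffer can legitimately hold. That boundary check is exactly the kind of detail a rule author gets right only by studying the flaw rather than a captured payload.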

For example, IPS solutions have generally focused on detecting attacks against servers and server-based applications. Today, however, attackers are increasingly targeting clients and client-side applications. As a result, the ability to identify and respond to attacks against this new set of targets is essential.

Besides their vulnerability to attacks, applications are now subject to increased scrutiny as organizations implement usage controls and limits. Just a few short years ago, a full-featured IPS might only have needed to support inspection of a handful of applications. However, today, led by social networking and communications applications, the number of apps that must be identified and inspected has grown significantly.

In addition, traditional IPS solutions generate lots of data, but they do not transform that data into useful, actionable information. With too many alerts, too many false alarms, and not enough information about what really happened, IT staff are burdened with sifting through endless intrusion alert logs to separate what’s relevant from what’s not, and with deciding which IPS rules to enable on the network. PCI DSS and other regulations have further increased the management burden by demanding visibility into which users are associated with specific IPS events and network activities.

How does this changing landscape affect IPS?

• Ready access to contextual data, such as applications, user identity, devices on the network and network behavior, becomes essential when assessing and responding to attacks, and in maintaining defenses.

• Utilizing this contextual data to streamline security operations is increasingly critical to both security and compliance initiatives.

To better respond to today’s dynamic threats, protect the assets of an organization and address administrative requirements, we are seeing the emergence of Next-Generation IPS (NGIPS) solutions that incorporate contextual awareness and intelligent automation.


Contextual awareness provides users with detailed information such as the actual applications and systems that form the network, the individual users and groups found on the network and the precise composition and expected behavior of the network being protected.

Threats posed by specific applications along with usage policies prompt organizations to develop standards articulating the applications permitted on a given network or segment. The ability to automatically identify applications enables proactive enforcement of these standards.

Intelligent automation ensures that responses to security events are both timely and consistent. The number of incidents, the complexity of networks, and the increasing criticality of compliance and standards initiatives all demand that the NGIPS classify and report on the severity of events in real time. Automation also reduces the ongoing administration and management burden by handling routine tuning, update, and maintenance tasks. Equally important, strained security staff are freed to focus their attention on only the most crucial and challenging problems.
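The three preceding paragraphs describe contextual awareness, application usage policies and automated severity classification in the abstract. The following added example (not code from the column, and not any NGIPS product's schema or logic) shows the mechanics in miniature: raw IPS alerts are enriched with a host inventory and a user-identity mapping, checked against a per-segment list of permitted applications, and given a priority automatically. The inventory, identity mapping, policy, rule names, addresses and priority scheme are all constructed for this example.

```python
"""
Context-aware alert triage, as an added illustration of NGIPS concepts.

Everything below is constructed: the asset inventory (what each protected
host actually runs), the identity mapping (which user was on which address,
as learned from authentication events), the per-segment application policy,
and the sample alerts. No real product, rule set or network is represented.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed asset inventory: OS, running applications and network segment per host.
ASSETS: Dict[str, dict] = {
    "10.0.1.10": {"os": "windows", "apps": {"iis"}, "segment": "dmz"},
    "10.0.1.20": {"os": "linux", "apps": {"apache", "ssh"}, "segment": "dmz"},
    "10.0.2.5": {"os": "windows", "apps": {"outlook", "slack"}, "segment": "corp"},
}

# Constructed identity mapping: the user associated with an address at event time.
IDENTITY: Dict[str, str] = {"10.0.2.5": "jsmith"}

# Constructed usage policy: applications permitted on each segment.
PERMITTED_APPS: Dict[str, Set[str]] = {
    "dmz": {"iis", "apache", "ssh"},
    "corp": {"outlook"},
}

PRIORITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Alert:
    rule: str
    target_os: Set[str]     # platforms the rule's vulnerability applies to
    target_apps: Set[str]   # applications the rule's vulnerability applies to
    src: str
    dst: str


@dataclass
class EnrichedAlert:
    alert: Alert
    user: Optional[str]         # who was involved, for PCI-style attribution
    applicable: Optional[bool]  # None when the target is not in the inventory
    priority: str
    reasons: List[str] = field(default_factory=list)


def assess_alert(alert: Alert) -> EnrichedAlert:
    """Decide whether the attacked host can actually be affected by the rule's
    vulnerability, attach the user where one is known, and set a priority."""
    asset = ASSETS.get(alert.dst)
    user = IDENTITY.get(alert.dst) or IDENTITY.get(alert.src)
    if asset is None:
        # Unknown target: impact cannot be judged, so keep the event visible.
        return EnrichedAlert(alert, user, None, "medium",
                             ["destination not in inventory; impact unknown"])
    os_match = asset["os"] in alert.target_os
    app_match = not alert.target_apps or bool(asset["apps"] & alert.target_apps)
    if os_match and app_match:
        return EnrichedAlert(alert, user, True, "high",
                             ["target runs the affected platform and application"])
    reasons = []
    if not os_match:
        reasons.append(f"target OS '{asset['os']}' is not affected by this rule")
    if not app_match:
        reasons.append("target does not run the affected application")
    return EnrichedAlert(alert, user, False, "low", reasons)


def app_policy_violation(host_ip: str, app_seen: str) -> bool:
    """True when an identified application is not permitted on the host's segment."""
    asset = ASSETS.get(host_ip)
    if asset is None:
        return False
    return app_seen not in PERMITTED_APPS[asset["segment"]]


def triage(alerts: List[Alert]) -> List[EnrichedAlert]:
    """Enrich every alert and order the result so analysts see high priority first."""
    enriched = [assess_alert(a) for a in alerts]
    return sorted(enriched, key=lambda e: PRIORITY_ORDER[e.priority])


# Constructed sample alerts: the same server-side rule against a matching and a
# non-matching host, plus a client-side rule against a user's workstation.
SAMPLE_ALERTS = [
    Alert("IIS request overflow", {"windows"}, {"iis"}, "203.0.113.7", "10.0.1.20"),
    Alert("IIS request overflow", {"windows"}, {"iis"}, "203.0.113.7", "10.0.1.10"),
    Alert("Outlook attachment exploit", {"windows"}, {"outlook"}, "198.51.100.9", "10.0.2.5"),
]

if __name__ == "__main__":
    for e in triage(SAMPLE_ALERTS):
        print(f"[{e.priority:6s}] {e.alert.rule} -> {e.alert.dst} user={e.user} {e.reasons}")
    print("slack on 10.0.2.5 violates policy:", app_policy_violation("10.0.2.5", "slack"))
```

Two things in this sketch carry most of the value described in the article. The alert against the Linux host running Apache drops to low priority with an explicit reason, which is the false-alarm reduction that raw signature output cannot provide; and the client-side alert arrives already tied to a user name, which is the attribution that PCI DSS-style reporting asks for. The per-segment application check is deliberately separate from alert scoring, since an unsanctioned application is a policy event even when no attack is involved.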

The evolution of IPS and security as a whole is far from over. Security teams are increasingly challenged to address a variety of functional requirements in a diverse mix of network environments. Contextual awareness and intelligent automation will form the foundation for next-generation technology that will continue to evolve to meet the needs of security teams for an effective enterprise defense strategy.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
