
The Evolving Role of Intrusion Prevention Systems

Threats to our networks are faster, smarter, more prevalent, more targeted, and more elusive than ever before. At the same time, the number and types of operating systems, applications and services running on the network continue to grow. Gaining visibility into different user types – remote, mobile, third-parties, and by job function – and accommodating their unique requirements adds even greater complexity when it comes to protecting our IT infrastructure.

Traditional Intrusion Prevention System (IPS) solutions have advanced in their ability to defend networks against a barrage of attacks. Strong IPS solutions include default policies and rules written to the vulnerability, not the exploit. However, network security has continued to evolve, and so have the needs of security administrators and executives.
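The difference between a rule written to the exploit and one written to the vulnerability is easy to see in code. The example below is added here and is not from the article; it assumes a hypothetical service whose USER command copies its argument into a fixed 64-byte buffer, and the traffic samples are constructed.

```python
import re

# Hypothetical vulnerable service (assumption, not from the article): the
# argument of "USER" is copied into a fixed 64-byte buffer, so any argument
# longer than that hits the flaw regardless of which bytes it contains.
BUFFER_LIMIT = 64

# Exploit-based rule: matches one specific public payload and nothing else.
EXPLOIT_SIGNATURE = re.compile(rb"^USER " + re.escape(b"A" * 100) + rb"\r\n$")


def exploit_rule(message: bytes) -> bool:
    """Fires only when the exact known payload is observed."""
    return EXPLOIT_SIGNATURE.match(message) is not None


def vulnerability_rule(message: bytes) -> bool:
    """Fires whenever the vulnerable condition itself is met:
    a USER argument longer than the buffer the service copies it into."""
    m = re.match(rb"^USER ([^\r\n]*)\r\n$", message)
    return m is not None and len(m.group(1)) > BUFFER_LIMIT


# Constructed traffic samples (not real captures).
SAMPLES = {
    "benign": b"USER alice\r\n",
    "public_exploit": b"USER " + b"A" * 100 + b"\r\n",
    # Same flaw, different bytes: a trivial variant of the public payload.
    "variant_exploit": b"USER " + b"B" * 80 + b"\r\n",
}


def evaluate(samples=SAMPLES):
    """Return {sample_name: (exploit_rule_fired, vulnerability_rule_fired)}."""
    return {name: (exploit_rule(msg), vulnerability_rule(msg))
            for name, msg in samples.items()}


if __name__ == "__main__":
    for name, (fired_exploit, fired_vuln) in evaluate().items():
        print(f"{name:16} exploit-rule={fired_exploit!s:5} "
              f"vulnerability-rule={fired_vuln}")
```

The variant sample is the point: the exploit-specific signature misses it, while the vulnerability-based rule catches every input that reaches the flaw.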

For example, IPS systems have generally focused on detecting attacks against servers and server-based applications. But today, attackers are increasingly employing attacks against clients and client-side applications. As a result, the ability to identify and respond to attacks against a new set of targets is essential.

Besides their vulnerability to attacks, applications are now subject to increased scrutiny as organizations implement usage controls and limits. Just a few short years ago, a full-featured IPS might only have needed to support inspection of a handful of applications. However, today, led by social networking and communications applications, the number of apps that must be identified and inspected has grown significantly.

In addition, traditional IPS solutions generate lots of data, but they do not transform that data into useful, actionable information. With too many alerts, too many false alarms, and not enough information about what really happened, IT staff is burdened with sifting through endless intrusion alert logs to separate what’s relevant from what’s not and determining which IPS rules to enable on the network. PCI DSS and other regulations have further increased the management burden by demanding visibility into which users are associated with specific IPS events and network activities.

How does this changing landscape affect IPS?

• Ready access to contextual data, such as applications, user identity, devices on the network and network behavior, becomes essential when assessing and responding to attacks, and in maintaining defenses.

• Utilizing this contextual data to streamline security operations is increasingly critical to both security and compliance initiatives.

To better respond to today’s dynamic threats, protect the assets of an organization and address administrative requirements, we are seeing the emergence of Next-Generation IPS (NGIPS) solutions that incorporate contextual awareness and intelligent automation.

Contextual awareness provides users with detailed information such as the actual applications and systems that form the network, the individual users and groups found on the network and the precise composition and expected behavior of the network being protected.

Threats posed by specific applications along with usage policies prompt organizations to develop standards articulating the applications permitted on a given network or segment. The ability to automatically identify applications enables proactive enforcement of these standards.

Intelligent automation ensures responses to security events are both timely and consistent. The number of incidents, the complexity of networks, and the increasing criticality of compliance and standards initiatives all demand the ability of the NGIPS to classify and report on the severity of events in real time. Automation also helps reduce the ongoing administration and management burden by addressing routine tuning, update, and maintenance tasks. Equally important, strained security staff are freed up to focus their attention on only the most crucial and challenging problems.
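The contextual awareness and automated severity classification described in the preceding paragraphs can be illustrated with a small triage routine. This example is added here and is not the article's or any vendor's code; the asset inventory, user groups and alerts are constructed, and the event fields (target OS and application) are assumed to come from the rule's metadata.

```python
from dataclasses import dataclass


@dataclass
class Asset:
    """One entry of the (constructed) asset inventory: the contextual data."""
    ip: str
    os: str
    apps: set
    owner: str  # user or group associated with the host


@dataclass
class IpsEvent:
    """An IPS alert; target_os/target_app are assumed rule metadata."""
    rule: str
    target_os: str
    target_app: str
    src: str
    dst: str


# Constructed inventory, standing in for what an NGIPS learns from the network.
ASSETS = {
    "10.0.0.5": Asset("10.0.0.5", "linux", {"nginx", "openssh"}, "web-team"),
    "10.0.0.9": Asset("10.0.0.9", "windows", {"iis", "outlook"}, "finance"),
}


def prioritize(event: IpsEvent, assets=ASSETS) -> tuple:
    """Classify an event as (priority, reason) using host context:
    'high' if the target is actually affected, 'low' if the rule cannot apply
    to that host, 'unknown' if the inventory has no record of the host."""
    asset = assets.get(event.dst)
    if asset is None:
        return ("unknown", "destination not in inventory; impact not assessable")
    if asset.os != event.target_os:
        return ("low", f"rule targets {event.target_os}; host runs {asset.os}")
    if event.target_app not in asset.apps:
        return ("low", f"{event.target_app} not present on host")
    return ("high", f"{asset.owner} host runs {event.target_app}; likely impacted")


# Constructed sample alerts (not real events).
EVENTS = [
    IpsEvent("IIS-overflow-attempt", "windows", "iis", "203.0.113.7", "10.0.0.5"),
    IpsEvent("IIS-overflow-attempt", "windows", "iis", "203.0.113.7", "10.0.0.9"),
    IpsEvent("openssh-auth-anomaly", "linux", "openssh", "198.51.100.2", "10.0.0.77"),
]


def triage(events=EVENTS):
    """Return [(rule, dst, priority, reason), ...] for every event."""
    return [(e.rule, e.dst) + prioritize(e) for e in events]
```

The same rule fires twice, but only the alert against the Windows host running IIS is rated high; the copy against the Linux web server is automatically demoted, and the host missing from inventory is flagged as a visibility gap rather than silently dropped.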

The evolution of IPS and security as a whole is far from over. Security teams are increasingly challenged to address a variety of functional requirements in a diverse mix of network environments. Contextual awareness and intelligent automation will form the foundation for next-generation technology that will continue to evolve to meet the needs of security teams for an effective enterprise defense strategy.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.
