Threats to our networks are faster, smarter, more prevalent, more targeted, and more elusive than ever before. At the same time, the number and types of operating systems, applications and services running on the network continue to grow. Gaining visibility into different user types – remote, mobile, third-parties, and by job function – and accommodating their unique requirements adds even greater complexity when it comes to protecting our IT infrastructure.
Traditional Intrusion Prevention System (IPS) solutions have advanced in their ability to defend networks against a barrage of attacks. Strong IPS solutions include default policies and rules written to the vulnerability, not the exploit. However, network security has continued to evolve, and so have the needs of security administrators and executives.
For example, IPS systems have generally focused on detecting attacks against servers and server-based applications. But today, attackers are increasingly employing attacks against clients and client-side applications. As a result, the ability to identify and respond to attacks against a new set of targets is essential.
Besides their vulnerability to attacks, applications are now subject to increased scrutiny as organizations implement usage controls and limits. Just a few short years ago, a full-featured IPS might only have needed to support inspection of a handful of applications. However, today, led by social networking and communications applications, the number of apps that must be identified and inspected has grown significantly.
In addition, traditional IPS solutions generate lots of data, but they do not transform that data into useful, actionable information. With too many alerts, too many false alarms, and not enough information about what really happened, IT staff are burdened with sifting through endless intrusion alert logs to separate what's relevant from what's not and with determining which IPS rules to enable on the network. PCI DSS and other regulations have further increased the management burden by demanding visibility into which users are associated with specific IPS events and network activities.
How does this changing landscape affect IPS?
• Ready access to contextual data, such as applications, user identity, devices on the network and network behavior, becomes essential when assessing and responding to attacks, and in maintaining defenses.
• Utilizing this contextual data to streamline security operations is increasingly critical to both security and compliance initiatives.
To better respond to today’s dynamic threats, protect the assets of an organization and address administrative requirements, we are seeing the emergence of Next-Generation IPS (NGIPS) solutions that incorporate contextual awareness and intelligent automation.
Contextual awareness provides users with detailed information such as the actual applications and systems that form the network, the individual users and groups found on the network and the precise composition and expected behavior of the network being protected.
Threats posed by specific applications along with usage policies prompt organizations to develop standards articulating the applications permitted on a given network or segment. The ability to automatically identify applications enables proactive enforcement of these standards.
Intelligent automation ensures responses to security events are both timely and consistent. The number of incidents, the complexity of networks, and the increasing criticality of compliance and standards initiatives all demand the ability of the NGIPS to classify and report on severity of events in real-time. Automation also helps reduce the ongoing administration and management burden by addressing routine tuning, update, and maintenance tasks. Equally important, strained security staffs are now freed up to focus their attention on only the most crucial and challenging problems.
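The contextual-awareness and automated severity classification described above (the bullets on contextual data and the paragraph on intelligent automation) can be illustrated with a small triage routine. This is an added example, not code from any NGIPS product: it correlates each IPS alert with a constructed asset inventory (host OS, exposed services, owning user) and downgrades alerts whose rule cannot apply to the targeted host, so that staff review only the relevant events. All names, fields and sample values are assumptions for illustration.

```python
"""Context-aware IPS alert triage (added example; all data is constructed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    ip: str
    os: str                 # "windows", "linux", ... as learned from passive/active discovery
    services: frozenset     # services the host actually exposes, e.g. {"http", "ssh"}
    owner: str              # user identity tied to the host (e.g. from directory/auth logs)


@dataclass(frozen=True)
class Alert:
    dst_ip: str
    dst_service: str        # service the rule fired on
    target_os: str          # OS the rule's vulnerability applies to; "any" if OS-agnostic
    base_severity: int      # 1 (low) .. 3 (high) as written in the rule


# Constructed inventory: what the NGIPS knows about the protected network.
INVENTORY = {
    "10.0.0.5": Asset("10.0.0.5", "linux", frozenset({"http", "ssh"}), "websvc"),
    "10.0.0.9": Asset("10.0.0.9", "windows", frozenset({"smb", "rdp"}), "alice"),
}


def impact(alert, inventory):
    """Return (impact, reason): 0 = not relevant to this host, up to 3 = high impact."""
    asset = inventory.get(alert.dst_ip)
    if asset is None:
        # No context at all: keep the alert visible but do not inflate it.
        return 1, "unknown host; no context available, keep for review"
    if alert.target_os != "any" and alert.target_os != asset.os:
        return 0, f"rule targets {alert.target_os}, host runs {asset.os}"
    if alert.dst_service not in asset.services:
        return 0, f"host does not expose {alert.dst_service}"
    return alert.base_severity, f"host exposes {alert.dst_service}; owner={asset.owner}"


def triage(alerts, inventory):
    """Drop irrelevant alerts and order the rest by impact, highest first."""
    scored = [(impact(a, inventory), a) for a in alerts]
    relevant = [(i, reason, a) for (i, reason), a in scored if i > 0]
    return sorted(relevant, key=lambda t: t[0], reverse=True)
```

Each surviving alert carries a reason string, which is the "what really happened" context an analyst needs when deciding whether to tune or disable a rule.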
The evolution of IPS and security as a whole is far from over. Security teams are increasingly challenged to address a variety of functional requirements in a diverse mix of network environments. Contextual awareness and intelligent automation will form the foundation for next-generation technology that will continue to evolve to meet the needs of security teams for an effective enterprise defense strategy.