IPS Technology: Ready for Overhaul

Cybersecurity Institute blog, 2006-09-01 (category: trends)
https://www.cybersecurityinstitute.com/blog/index.php/2006/09/01/ips-technology-ready-for-overhaul/

Get ready: Network-based intrusion prevention system (IPS) technology is due for an extreme makeover. IPSes have been a source of frustration for many enterprises for some time because they stop only known threats and frequently generate false positives and false negatives. Some organizations don't even bother using an IPS: Joseph Foran, director of information technology for FSW, runs intrusion detection system (IDS) tools but not IPS. Security researchers haven't been impressed with IPS technology, either. "I don't have a lot of confidence in an IPS, nor do I recommend it to my clients," says Sean Kelly, business technology consultant for Consilium1, which performs penetration tests for its clients. Paul Morville, vice president of product management for IPS vendor Arbor Networks, says today's IPS technology will increasingly be folded into the service provider cloud, integrated into the network switch, and blended with related technologies, such as network access control (NAC).

"It gave you a device to protect your vulnerable systems behind the network from SQL Slammer, Blaster, etc.," says Richard Stiennon, president of IT-Harvest. But major worm infestations aren't the problem any more: "The trouble is what we've really been doing for the last four years is vulnerability and patch management. The driver for IPS hasn't really been there."

In some cases, the technology is being integrated into hardware and services; in other cases, it is evolving to offer new capabilities.

Arbor Networks' Morville says service providers and managed security service providers meanwhile are already delivering firewall and IPS-based services, and that trend of blended security services will "accelerate" over the next few years.

Switches, too, are already coming with some IPS technology: Cisco, for instance, sells blades for its Catalyst switches with IPS functionality.

What about the signature-based limitations of IPSes? IPS will also converge with anomaly detection and other features that expand its inspection capabilities beyond known threats, experts say. Rate-based anomaly detection, such as spotting a traffic flood, makes sense at the perimeter, Morville says. And behavioral anomaly detection — where you're looking for individual people or hosts acting outside the norm — is best for the internal network, he says.

Some experts envision IPSes deploying virtual machine technology — as FireEye's does with its network access control (NAC) appliance — where virtual machines run copies of incoming traffic to see if it's legit, rather than just using signatures. The trick with a beefed-up IPS is getting good performance, though: Hardware would have to catch up to make it viable, especially if virtual machine-based features are added, says John Pescatore, a vice president with Gartner.

Source: http://www.darkreading.com/document.asp?doc_id=102608&WT.svl=news1_3