Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


IPSes are Coming of Age



 By: Dennis Fisher
2005-02-07
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Convergence with other security technologies, including IDS and firewalls and perhaps even anti-virus software, is key to the maturation of intrusion prevention systems.

Four years ago, the intrusion prevention system market consisted of a few next-generation intrusion detection system appliances with elementary blocking capabilities. Most vendors and analysts at the time said IPSes would remain a minor offshoot of the IDS segment, mainly because administrators were loath to run appliances that could block network traffic actively.

Those predictions, however, are proving false. The IPS sector has grown steadily and drawn the interest—and the deep pockets—of heavyweights such as Cisco Systems Inc. and 3Com Corp. The IPS market now encompasses a variety of in-line host and network solutions as well as large-scale network monitoring systems capable of making real-time changes in routers, switches and other devices to fend off attacks.

Click here to read eWEEK Labs review of Top Layer Networks IPS.

Some vendors, such as Sana Security Inc., have even moved the IPS concept to the desktop.

All this activity comes even as many experts say IPSes are still in their infancy, with much room left to mature. A key factor in that maturation will be the convergence of IPS with other security technologies, including IDS and firewalls and perhaps even anti-virus software, experts say.

Resource Library:

"The threats are getting faster, and were seeing more polymorphic code. The new appliances youll see down the road will be able to look directly at the behavior of malware and not the signature," said Steven Hofmyer, founder and chief scientist at Sana, based in San Mateo, Calif. "You will get more systems that use behavioral heuristics. If you can change the game so that you only need signatures about 10 percent of the time, thats a big change."

Today, most IPSes—like their IDS forebears—rely on signatures to identify attack traffic. A few use a system that models normal traffic on a protected host or network to help identify anomalies. Both approaches have their strengths and weaknesses, but Hofmyer said he believes that in the near future, most enterprise IPS solutions will incorporate a combination of the two.

"I think youll see IDS incorporated into IPS and anomaly detection; signatures and the option of prevention or just detection mode will all be part of it," Hofmyer said. "Still, not everyone will want to run it in prevention mode 100 percent of the time."

Other vendors also see convergence on the horizon and say enterprise customers now depend on IPS solutions to such an extent that they are considered part of the network infrastructure, much like switches or firewalls. Thats a far cry from the days when administrators would keep the IPS in listen-only mode for months for fear it might block legitimate traffic.

"Whats really important to customers now is that the products have the same level of maturity as other network security gear," said John Parker, director of product management at McAfee Inc., based in Santa Clara, Calif. "The IPS cant go down, but addressing redundancy and failover is not trivial. Were looking at redundant management now because what if theres a failure, and the next big outbreak occurs at that point?"

There are other challenges ahead for IPS as well. For example, how will the systems handle emerging technologies such as VOIP (voice over IP), which is becoming a mission-critical enterprise application?

To help IT managers develop a request for proposal for prospective IPS vendors, eWEEK Labs has put together a series of questions that can serve as a starting point. Click here for the sample RFP.

"Theres a challenge there in terms of recognizing and decoding packets for VOIP," said Jason Anderson, product manager at Lancope Inc., based in Atlanta. "Not everybody can do it. IPS is not going to solve all of your problems. Theres an important and necessary position for IPS in the enterprise, but its still only a piece. Its great for eliminating a certain amount of noise, but you still have to cover the traffic that gets through.

"IPS is more broadly accepted for prevention now, but its still typically turned on for a small subset of traffic where it can be highly accurate," Anderson said.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: IPSes are Coming of Age
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Dennis Fisher
 


x}ks8q8c=mG-ƶon"!c䒔˩'o҃H$3%hݍFw?I9wur&56%3E]"I͝~x#(p(IFA)v@{iFuۚ8A&pTd>9|@vD)&Ӱ5Y |+[3}BF6\3Ѣb ^Pk$ȁ_MMJD>֥ϊL׶CoquB){ Cw&tb9 Q)+Jt/"(?c&c-4qFwN̚?0/PcwҴv[*v_eߌڭAx)B(#bF]߂KCI%۝߽Iؓ&thluD`YRi 3 LGmfCÑcPpmׇV Tq3c}fݷt{#Է@:S1)æI/#!꿩¥0~J V#vRA'ס" 'm_k|tvs< s~3 CoZeNDj%o~cns(p}=\'BL}:n/EӝÌfؖq[th(V*Z]QKru_):*{1g 2+[ѹy[\(Uu7ٺs m%k%m{|Ns~N5ox9vty/o;YHM~g/DJ V,D-ԁNVP? u.kQ2[-Kj%٥~hY̞ofVҘ gUUYA[~6t.nC㳣n;l,aV4*2V]鮘ȏwAժ}|qӽlnwMڝNY; i fɗVk! v~54Y01\ \^KjWdڽPy$Y)r{&8\Cj ݖeB_*D\˟G)L,Y`MImdƩ$|ǺzN2ߜ>o4C+D_x0ND9cf4M5 ,eg05@M)51rv!fBM)iK _{@U@ZZ~nV$9>Χ+foF"> 23r!DKI88gd{.ӰerqF]7kDm.-s5-wfcZVp3itZם6_.=t[+>cq4Y`A-. 8ǹ:~Stjt }J,PQWߣ*r%(NMf[ԑplPòǔIz}uΆmNQ}51'4}t>'჎$>h&ƋCriYnL-rӇtw@>+OݺzL^TŞ+LКk}0#GE 6]LR}t 9q HhQ0|s0Y[3aP#[ѽ:Fz?a#0.Zm{Ae^~}¢Pwݐhn&i &NH:nj4$a.*d٦39`߽h Iߵ(y@l/L+f9N)A\_.Ƈ5wtݴ٦͙qjS;_Aa"tLeB#`9N{S~`=϶Y$:L:%qK{]:0s k2'y='.Q1juϙܑm˹ϕ ߄T 9u# \ă r}͚X 4ؐ9|&Bw7cnS^7&㓫(\=PӔT318 FLyG ('SwFFJ V !zh'>eg Hu{o%,j?Jյ݋pz1Tۥa]hk%R?!d[0^Ԣ,Q|u$"!lsiŰ,B /0|M̆Тg?mM!*`5:m |TM._` }dҶ9<:+ՒI,Yvn()z?r XS^!ۮ!yr >OH) zS7HЦ0V}2PaBSjj33-F o+_`׆ K LȁUzu3ҝ|ie?,/ {eKKYq>O; V!2DD30`- FM{R^ 0kaT5Clq,Yri*wڶ{O?Qɺ@`WK ˙@'@:*X#çV "IJ8vYPzP* WG/{ʯ]1FA? %hPfJf,`\.8u݉M% W<))J5` L` T< t&{[ᔆcA#E .2 ZC `А(BrIa TWk\Pй٩ 7]@&Tt a"'1хڧ>nssa*/w+ )Z흧 IV/굄ЪZZsU|}8]et5MQ1pt0|jVN8eC>yL Z<>(:Ft%_*'ϰMqё,uoBr]TՑG7`sk'(bh!.־)X=0`6yip 9]R˶Ԙ@0+nCWG$?Gl7>̌k}P~WnPmYنHB:dDCtݣk;J8Kjmf15{AiM|ٜo!yUq@WIeĦ 24,ZdWW6>s}&nf]D{myC`vfD++)sR4WqomA؋W#7Cf˴W6i&01"4yP?OG]մJ ? 1F)W>|6Œ3+ls3fuq+ufP=zG:{r"w~琩occգsg8X$]3a0Qnak0eQ ʋzhBF -vf}Xi&̋F(+f6r A\ۥ@qc`AHOow!(.7@aOoRJR9HǞ1]]2Y1Gci}SU!ה1ZeΌ)Ь6ڴ#iA/Z2|]{6  8xYʊnVv` dV֪Ρg~huJJ]aQ" fQrME7uOM5:J$l"I(}O,KeGIվi1RʵRM()5CoED\%&&:& g6%KB?ͥ5?gDOBB9` Kܥ @vGnESA B) Q{lK[!u޺\C8n'[Ilyc.j&:~*a Hq+Z}_`NV$,: ?>{d',jBGI}? [&IO3ҿ++ C Bg\D@0|/GRiemRܑJ \X 8⺆arYç, ,_t2jUk`?y vBs:Q<&MMx)A`r0uq3(-E<91=qUaNV*Uًk\|xqLL^\}ۅ^[( L$T!DNn}дYtW%pmHIc{'ˁtҺ:s,&L{\z;At. {H:ӳA|}W;Zj\c0MC~?Hue[^N;]4 =LAIP 4p=$Y#Nճ2nw/Ok^a=; (FoޅsѺ>^/~{!9^vtxޕ`&!AG:^Dd0s|i]G6b `xѤ"bcxH/ ^!m Be\z5g ^|}XmslP5õhlSϝa֭ Bf-.3۟bB!bNgv\b{ȖVB 0F_Th)4zuSx[)5[;E_ſs}YVST t6~OWK0fAb+F+=ǭݏwGHI NAn|:p_HАY=ty9#- P^ݷ͆ؓ9{_Jǻoc$Ǯv'ۻw}Zw[q*ApCG<L?+fc:M"IQU֫˯Ȫ̅S.R؉7'2^q+:`tH_w.lFǵ4/ Z2fP:;G׍[qGecF0Xov}{E `͏4v4 ]ekw}K]݅J+z%nwQZhr;ԫKJIɇymQzSDD6Kh#iv.R_;+!bidOc@/ulvk)輳2 [a[#؞qaLpx2Feuw#S'gSc3/HF#xg(6-lF@|P;a6 *|b1 \<e&qFL|{rx8=&+/' g|o#&ڿ kN7&/6o).?.BӞ܊EQ@(2.mE.zQv%Fc7YS+x˗iL@g4ۺ YrR}yWw[;tKmXNR#4%v‹O4Hlp0Ő`rDrOG,'sTh/\,Ŝe6r\%U7ي *eNkLtOL(#3S[3XnE}9拀yf@:c_o.rڶ4S_~VJ"@qJwɳc83@69p_eij⩵櫀}Ebuf;.NQOUJ(K{ Ue3N9OOK8<|(HN:]Tf0-LjkU]FÝA<Lx' g,xnP 7{Y%g R/K~Lv({P621Qȃ23^-$G^#M\`X*iR3ޙ4oRuL$Ia$B8^+8bڥ;&6)K* /ѓNUJ㎗,גrLeJd埇]qT#uU/*I=USaA5N`T%*H5һ<[ۋOd)9<+q:.Ojjݰbxl0C Q4u&.z$XL0iDkJɮ;2g,)|j#;)lᆡ$NKBP:q}%@Rys\LH}_]`~H3Ob$Oq#)|_;WW&VDgҦ[1꾤ZݔQK/bwD]A庐N`YtAi(u>{+&ZTF* "qsNп5tHb4lX~Z.-&YI zM B(" b9 H{ yw7w7w7w77&e[sIS&ePwu&߾ѩ GR〰*4jhp[Ssmѷ 9Ğf7IVKuB  D4)o~5\ɺ RGz&hQWIzmN՛`!ab42" |sʬ01Yf9^UGB>᥉ Dhn_P7؞c$nKWl*"?Oxc8*$!M)ҷ4Ez 5E"!eU 3d1>gB(3DƈTi%>4=y/otv0d*:Ħ>SCu~ 0A! A(ߌBx.1-onZY$:w; YxH{#+/}ދ!,aY5.r.Y1)rφW[V^s t*7]}K\"7{PK ㎿+ŷz L/rA`~7^3Za y'BBSks-YiI-ڦCl(I#ۀچc չxQӫTuσdhkkOg]ʪ6cohJ %i[w;=W?%,DCXubM4t86eof3&e< m~k%R n *,> ztowwv]g4ε7 51X-/Em/o|[L@毀ײ@{U6I%1Y#Ћ'9dpW!ZL7=D۟R^yũܳExHS`܀c*ZWIY#3sxhX ϞO`UfTn#n$pK4&֯WOEF?z3,M?C"&1t#Me.b m0By7꤯ 7~q6F _N݋LYXcJ:*ǝ5\?ԝǝBST#1A$ZD1pS/]^0I'HrE#E<wD|Qޯ*F]{N9- 2n?]bG\(R^qodPְj  ۘ'=dd Ug*׶/q'Ѝ"j\DK0m+`'ScWF%3z J 0 ~AX^qS3&Ih~6Gcu\_& R(_3VGBA8AXJo,"%vEac`8wQ%H(h#8YL˃3^B=ʿsf41%!q>ƘKjtVSՒRR,w%[dLox?B鞐ք1x*B '9-S5B߿RUBI Ȕ=Hsr3#m@&/=m={y k_ں:q)y,۽9Z<1xfNTnpd*{ 1 nHu-MM s lkLTp*Bק6:̽OiMD0K*;JJEV^3tq='5*>5BYQ>x N5rY/,yXK\ ړv̝G0Tr^`}LTXC>,02X3wZ:<}Q-mEJ)!gd |pP[˜ozp׳Z ǁ;%Qx*&EhuXC@W&D}#i!BNGth'&v* &V*t|?H-g:w:~1~"js~s-ʒ2;@WlfmmEUk)7g%.0,%nS9ݱ=X ;G1>L__J)c#Qi^߈fFܞUkkؑIّ71Ք7ZvN[{1/Xov/>VHY+oS[YSF!_E_t|q֦!뜏q25+ St#?)){ڞUޒϞ)i4<:}}A6ڄyiǥ4YgMr'o\ixcOU׀gbxBW7˽}D['ٍIQ+62 1y \" p4;,R='yg0\^ #y &uY|27>z(4a4}99$.~W\Af;Н:*|e1uٵE:q0qa)~pՒ s؇*zk4:7/ʾR0F$u2#:́ ZQhTiED#RhbGBcOs? uϤt:pxXҚ0!<RAA26ƻpbZ1Ř!&"7,ǰlFLN19d$K#{+&(?-p֏D {GLƙ;fSZ,lF߀$Ryw vqY@y#LL݂zĂGx,}?5Dͼ͍$v/Znn|$Xg- .E.[a8; Sܕkوx,df,EףΛ]-GAGG71`p ?vf!usx\fH֎O$Ѕ:x,@#!9ωKkSc 7úޛZF #}AaP8Z  +z+uT'I]WP)9CȮ KTU:|.Oa@iyݬ_79.4W PRx 4 V cvFCThh t0 c3brLuvZWWIuCݫAwI:<&m[4z?V9?>t/;WAyb0cAl\_d _T Q9l]t283M BW=Bƫx]fy5sλ]-hq`1D?7 5N~q67a\nq4ħyx@zB32yT}n<=) )-VNy{9mAS~ O>'99X_~-4Ϻ˻B)useN9B}?Z_~sl׼ " {C E}./?/r"?QF/ssϠ,oP ()K^~+W9ssׇ9}}̡   M:Iʙ#g+\8=JW ͣ~TA_կ<$|sfнXi7{9ZeUB9W~y>%{'sg#q^WKͮ0Tntů-5nk ǤZuvņ^_BBU$X2M&#(R^>Ȧc˼_VRRw;]Sڤ\j.{]7[O'ikz(#s<2g!h{U26#{"̳1{ %Y#/ܻGzʉnS'/\2A<̎3nOArr mv3}_ća^r^`iB0HqmX<ap4c2 BLwY}n`$->X v;i;+kja5~f]324 /§On3E A=m :ИYLCɑ ( V kEF(l#byCܞ0@PJmXv&^;C. S@-\Vp[820tgG|םHή X3C>K5 D =b o[1Lc$2ǃBLSr(pIi)nrʌ˟$41^s˙f9cl0Da0G|XeoEod!K,^1PzSA۽"}מ VGSmTF\gȌQ)xރAGR$xMa{-ăV v,='IDπjUM$f@gQl(VxRBڮ9=RRļKlÏl[v 7RǙ,`+/2^;'gH2Gd!᳤c9*3>S2m-(Er};{,d/+2bХvHydwD.?L?!#R.ڐOF{)0XP4 &rd{Ko>tW$~ l|$_Oxƪ~SQxr='=з57b8[|i!zQ;lEVb0yMvSƸEߟ2"L)Ԧ3w(\*],5Ał<vvvp"#Q*Ү唛Ss̜GK@g0mѕh_Ym0o>`/#=^$c`WH؂{!Ҷ\)Vcʥ.Sܟ?Ba҇fFHŗX (K# L.`}9N]RjãÍGXǸ[ [) Iy>p <Щ0 JʶE=b농\Qm`-xa[An`Pgpx>YʐLW\ȏ, ˘V /kti( aavXe31#7Dn0BraH d[H_مuv3\j/YH~1 <99.@OI"c؛b9ʧ3~q (3Vt*N`wX;EkB(Ozu=tC*G꛺UEo}BeFBl4.$7`Eqw#[7nyQue[^Q(Zu RZv4"^ֳ/ 6A|>ǐy6gn&_1!ԿZe6TRA$ᑭ7}M1uc*d_)K]jq[OEQj)lئdTi29J{) qU/ųiS}& Cfaa%nǝlr n%96L]_X P/)