Guest Commentary: It seems like the Security industry is always coming up with a new category of software. What is an IPS and how is it different from an IDS? The president and CEO of nCircle advocates for integrated products.
Its a safe bet that fire safety has been around since just after our early ancestors first discovered fire. Over time, society has made smart investments in this discipline, to the point where we now feel protected and confident in our ability to fight fires - and the emphasis now is on prevention.
Compare this to network security, which is evolving rapidly, but relatively speaking, still in its infancy. As fire safety experts have been doing for more than a century, companies today are facing a growing need to make strategic investments in proactive technologies that will enable them to reduce threats before they can be exploited.
Addressing the Security Threat: Reactive Technologies
The growth of network security has been driven by a nearly overnight shift of business networks from private, proprietary technologies to the Internet. This transition has happened on a large scale during the past six to eight years.
As organizations connected to the Internet, thinking about security - which previously focused on internal security concerns - was turned inside out. Needing to protect their networks from external attack, companies started to look for new technologies.
The first technologies they turned to were largely reactive in nature, such as the firewall. The firewall was designed to prevent unauthorized access to networks, but some traffic still had to be allowed in, which in turn created opportunities for attackers. To remedy this, companies added new technology such as intrusion detection systems (IDS). Unlike firewalls, intrusion detection systems can actually detect when an attack is taking place on the network.
The challenge with IDS is that although the system can let you know when "break-ins," are occurring, large networks experience hundreds or even thousands of such attempts each day. That many alarms can be overwhelming to IT personnel who must figure out which attacks are truly a serious threat - and which are false alarms or of low risk.
Next page: The Next Step: Intrusion Prevention Systems