Rob Buckley – Freelance Journalist and Editor

Intruding on the bottom line

Are intrusion prevention systems worth the effort of managing them? Or can you get away with a good firewall? Rob Buckley investigates

Instead, he advocates a more “belt and braces” approach, with IPS potentially giving a window of comfort for organisations, during which they can tighten their security, apply patches and so on, when they become aware of a problem thanks to the IPS.

Similarly, Scott Lucas of Extreme, which sells network-based IPSs, suggests that the behavioural analysis tools used by most IPSs need time to become ‘sure’ of an attack; certain hosts might need to be “sacrificed” on the network before the IPS can decide with certainty that traffic is malicious and block it.

If an organisation decides that it does need an IPS, this works best as part of a unified security strategy. Relying on an IPS by itself to protect against all attacks would be foolhardy. However, relying on a combination of dedicated anti-virus, firewall, IDS and IPS technology, among other tools, should be enough to protect most organisations against the majority of attacks while providing the necessary forensic evidence afterwards.

This approach does bring with it some increased management requirements, although these are not as great as the requirements imposed by earlier IPSs.

As Paul Brettle, systems integration company Stonesoft's country manager for the UK and Ireland, puts it: “There are a few large American companies that say it's as simple as a click of a button. Get a life: it's never going to happen. That's massively over-simplified.”

But it can become a manageable technology, with improved integration with security management consoles, improved intelligence in the devices, and improved implementation strategies.

Most organisations, however, don't need an IPS, adds Brettle: “If you have a good firewall, you probably don't need one.”

IPSs are an evolution of IDS; they still require management and fine-tuning, although those problems are being reduced. For many organisations, they are unnecessary. They are certainly not a panacea. But for those high-risk businesses that are prepared to invest time and money in managing the technology, and that are able to use it in conjunction with other proven security systems, IPS has the potential to protect against many of the minor – and some of the major – security problems facing organisations today.
