21 October 2007
"Failing to move from legacy intrusion detection to next-generation intrusion prevention systems is costing businesses time and money," says Patrick Hayati, Regional Director, McAfee Middle East.

If you're still relying solely on Intrusion Detection Systems (IDS) to protect your enterprise network from security breaches, you could be exposing your business to serious risk. Relying solely on legacy IDS is a mistake that can cost your company dearly. The dynamic threat landscape is forecast to generate more malware in the next two years than we've seen in the past 20 years combined. Couple this with the huge growth and adoption of high-performance 10-Gigabit Ethernet (10GigE) networks and it's clear that businesses now, more than ever, need the proactive, real-time protection offered by next-generation Intrusion Prevention Systems (IPS).

IDS technology, originally developed by universities and government agencies in the late 1980s, was introduced to the market and became the prevailing approach to network security in the mid-to-late 1990s.

Since that time, proactive intrusion prevention technology made its debut, evolving over the last few years to become a mainstream security technology. The primary difference between legacy IDS and today's IPS solutions revolves around the response and action of the technologies. Legacy IDS technology provides passive threat detection. It generates alerts when a threat or attack is seen so that the necessary investigation can be initiated. Next-generation IPS technology goes beyond passive detection to proactively block, prevent, and/or restrict intrusions and attacks in real time.

Nowadays, most industry analysts, security experts, and enterprises are fully aligned with the benefits of and need for next-generation Intrusion Prevention Systems. This shift in perspective was further influenced by a Gartner Group report that declared stand-alone IDS dead and predicted that IDS solutions would be phased out by 2005. However, despite the Gartner report and the prevalence and growth of IPS, many enterprises are still using passive, legacy IDS solutions. In the end, there are distinct benefits to having both, built around the premise that you must first be a world-class IDS before becoming a world-class IPS.

As such, most enterprises today leverage their next-generation IPS solutions for both detection and prevention, gradually moving from detection to prevention in some areas while leveraging out-of-the-box default blocking in critical network locations. Understanding the need to have both world-class detection and prevention in a single next-generation platform, McAfee introduced the world's first IDS/IPS solution.

Today, the McAfee IntruShield® IPS solution represents the only Application-Specific Integrated Circuit (ASIC) intrusion detection and prevention appliance, allowing enterprises to move from passive detection to real-time prevention with a click of a mouse.

What is IPS?
An intrusion prevention system (IPS) is a computer security device that is deployed "in-line" to monitor network and/or system activities for threats, attacks, and malicious behaviour. As a result, next-generation IPS solutions are able to provide proactive, real-time protection from known, zero-day, DoS, phishing, and encrypted attacks. They also protect against threats like spyware, VoIP vulnerabilities, botnets, malware, network worms, Trojans, and peer-to-peer applications.

IPS aggressively prevents viruses and infiltrations: it sits inline with network traffic and stops attacks from entering the network in real time. IDS passively monitors traffic passing through the network, detecting suspicious activity and flagging it to a system operator.
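The distinction drawn above, and the gradual detect-to-prevent migration described earlier, comes down to one thing: whether a signature hit only raises an alert or also drops the traffic. The following simulation is an added example written for this page, not McAfee or IntruShield code; the sensor, signatures, packets and the per-signature "block" flag are all constructed for illustration. The same inspection engine runs in an IDS-style detect mode (every packet is forwarded, hits are logged) and an IPS-style prevent mode (hits on blocking signatures are dropped), and one signature is deliberately left alert-only to show how a site can move to prevention selectively.

```python
"""Toy network sensor: passive IDS mode versus inline IPS mode.

Added example for this article; not McAfee/IntruShield code. All signatures
and traffic below are constructed samples.
"""
from dataclasses import dataclass, field
from enum import Enum
import re


class Mode(Enum):
    DETECT = "detect"    # legacy IDS behaviour: alert only, never block
    PREVENT = "prevent"  # IPS behaviour: drop traffic on blocking signatures


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    name: str
    dport: int
    pattern: re.Pattern      # compiled regex applied to the payload
    block: bool = True       # per-signature policy: False keeps it alert-only even in PREVENT


@dataclass
class Verdict:
    forwarded: bool
    alerts: list = field(default_factory=list)


class Sensor:
    def __init__(self, signatures, mode=Mode.DETECT):
        self.signatures = signatures
        self.mode = mode
        self.log = []  # operator-facing event log, one line per hit

    def inspect(self, pkt: Packet) -> Verdict:
        """Match one packet against all signatures and decide its fate."""
        hits = [s for s in self.signatures
                if s.dport == pkt.dport and s.pattern.search(pkt.payload)]
        verdict = Verdict(forwarded=True, alerts=[s.name for s in hits])
        for s in hits:
            # Only an inline sensor in PREVENT mode with a blocking signature drops traffic.
            action = "BLOCK" if (self.mode is Mode.PREVENT and s.block) else "ALERT"
            self.log.append(f"{action} {s.name} {pkt.src}->{pkt.dst}:{pkt.dport}")
            if action == "BLOCK":
                verdict.forwarded = False
        return verdict

    def process(self, packets):
        """Return only the packets that would reach the protected segment."""
        return [p for p in packets if self.inspect(p).forwarded]


# Constructed signatures (hypothetical names): one blocks, one stays alert-only.
SIGNATURES = [
    Signature("HTTP-TRAVERSAL", 80, re.compile(rb"\.\./\.\./"), block=True),
    Signature("P2P-HANDSHAKE", 6881, re.compile(rb"^\x13BitTorrent protocol"), block=False),
]

# Constructed sample traffic: one benign request, one traversal attempt, one P2P handshake.
TRAFFIC = [
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.9", "192.0.2.10", 80, b"GET /../../restricted HTTP/1.1\r\n"),
    Packet("10.0.0.7", "192.0.2.20", 6881, b"\x13BitTorrent protocol\x00"),
]


def run(mode: Mode):
    """Run the sample traffic through a sensor in the given mode.

    Returns (number of packets delivered, event log).
    """
    sensor = Sensor(SIGNATURES, mode)
    delivered = sensor.process(TRAFFIC)
    return len(delivered), sensor.log


if __name__ == "__main__":
    for mode in Mode:
        count, log = run(mode)
        print(f"{mode.value}: {count}/{len(TRAFFIC)} packets delivered")
        for line in log:
            print("  ", line)
```

In detect mode all three packets are delivered and the operator is left with two alerts to investigate; in prevent mode the traversal attempt is dropped before it reaches the server while the peer-to-peer handshake, whose signature is still alert-only, passes through and is logged. Flipping a signature's `block` flag is the per-rule equivalent of the "click of a mouse" migration the article describes.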

An ROI worth the Investment...
Another mistake that many businesses make is dismissing IPS solutions as "too expensive" and "not cost-effective." Every enterprise needs to protect itself from malicious attacks, viruses, and other vulnerabilities, but good solutions don't come cheap. Many CIOs don't consider the significant time outlay involved in implementing an IPS system to be cost-effective.

IPS is typically designed to operate with total invisibility on a network. IPS products do not have IP addresses for their monitoring segments and do not respond directly to any traffic. Rather, they merely silently monitor traffic as it passes.

For this reason, unlike IDS, IPS does not need a full-time IT staff member to monitor every system. With IPS in place, companies need only dedicate one hour a day of one employee's time to monitoring the network, a huge saving in time and dollars. It's also easy to upgrade to IPS if you already have an IDS system.

IPS technology offers deeper insight into network operations, including information on overly active hosts, bad logons, inappropriate content, and many other network and application layer functions.

CIOs can't afford to ignore the benefits of IPS, namely reduced staff workload and less money spent on enterprise security solutions. IPS may cost more than IDS to implement but, with the two systems working together, in the long run it will leave the company with better, more cost-effective network protection.

The IPS Business Case...
For such an expensive solution, even the most forward-thinking of CIOs need to present hard evidence to the board that IPS is worth the investment. Perhaps one of the biggest downfalls next to lack of understanding is the attitude that there isn't really any evidence that IPS saves time and money.

A recent report published by Infonetics found that the true equaliser of all data security systems was the time that a business spends recovering from threats. Accepting that businesses of all sizes and types have experienced a successful attack, the report looked at how much time and money it takes to recover from an exploit. The report found that large US organisations are losing an average of 2.2% of their annual revenue, or more than $30m, to security attacks. (Infonetics: The Costs of Network Security Attacks 2007).

A key concern for enterprise CIOs should be addressing this so-called "downtime."

The report estimated that organisations that had not yet deployed network-based IPS would see roughly the following gains after implementing network-wide IPS:
DoS attacks: 65% reduction in downtime hours
Server malware: 50% reduction in downtime hours
Client malware: 40% reduction in downtime hours

Conclusion
Many organisations and enterprises have yet to make the move from legacy IDS to next-generation IPS. Even more surprisingly, some enterprises haven't deployed any IDS or IPS technology at all. As enterprises invest in more sophisticated technology and upgrade to high-performance networks, CIOs are being presented with new security challenges that are forcing them to seriously consider upgrading to the next level of security. By not taking the time to evaluate existing security protection systems, companies are exposing their networks to unnecessary risks.

-Ends-

© Press Release 2007