NGIPS are Game Changers in Security
Organizations are replacing their Stateful firewalls with Next-Generation firewalls (NGFW) and Next-Generation Intrusion Prevention systems (NGIPS).
Most traditional firewalls are nothing more than packet filters that keep track of who initiated the traffic to automatically allow response traffic back to originator. IPS vendors such as Sourcefire and McAfee (Intel Security) are rapidly adding advanced features to protect against insider threats, application vulnerabilities, mobile devices, and malware. A lot of security vendors, like Cisco (with its ASA series) , NSS Labs, Trend Micro and IBM are also making their way into the NGIPS market. One must wonder are the days of traditional perimeter security devices such as Stateful firewalls and single-pass IDS systems numbered?
The data suggests that the IPS relevance is gradually decreasing and first generation IPS systems are slipping on how effective they are perceived in stopping attacks. IPS systems have generally been deployed as a perimeter defensive solution; usually sitting inside the firewall to detect attacks that have made it past the firewall. In some cases IDS/IPS systems are deployed outside the firewall as part of a honeypot project. They allow organizations to gauge the effectiveness of their firewalls in working to stop traffic, and determine what type of attacks are being blocked by their firewalls. Most IPS systems block known attacks by using signatures to detect attacks. The problem is today’s attack’s are unknown, sophisticated, and have some sort of social engineering component that IPS systems cannot detect.
NGFWs with NGIPS systems add the ability to inspect applications, not just packets. They understand what the behavior of applications and protocols are supposed to be according to their published standards. If traffic behaves outside this standard, it will mark this traffic as suspicious. These next-generation security appliances are taking the best feature sets of web filtering, anti-malware, firewall, and IPS technology and putting them in a single appliance.
The value of next-generation IPS systems is that they are the modern next-generation monitoring tools. If you look at the top IPS vendors such as Sourcefire and McAfee (Intel Security), the value they provide is their integrated dashboard, which provides a quick barometer of the current state of security in an organization. Intel Security’s EPO product provides reporting from several different security products into one dashboard that gives a 360 degree view of security posture for the entire organization.
The powers of NGIPS systems are that they are modern day network monitoring and SIEM tools. They provide correlation of log and packet data, and integrate with vulnerability assessment tools. The naysayers who say the days of IPS systems are numbered may be right, but the days of next-generation threat management and detection are slowly getting on their verge.
Source | Security Blogger
