With the continued increase in the number of threats to corporate networks, network security remains a major concern. Yet the plethora of security offerings means that determining which devices and technologies a network requires, and which will provide the best value for money, has become more and more difficult.
Enterprises have to think towards the future and invest in additional security technologies that provide higher levels of security as their business and market evolve. Analysts worldwide believe “high speed hardware-based firewalls will be one of the key building blocks for security platforms that will enable enterprises to proactively prevent intrusions rather than simply reactively alarm after attacks succeed”. This calls for a comprehensive, layered security approach that provides the highest level of security and preventive capability.
Firewalls are the first layer of protection against network threats. However, firewalls need to be supplemented by a device that can detect attacks hidden in the traffic (and inside the packet) that is allowed into the network — and prevent the attacks from doing damage.
Intrusion detection systems (IDS) were introduced to address this requirement, but because of the very nature of IDS and the way it is placed in the network — like a sniffer sitting on the sidelines, watching a copy of the traffic rather than sitting in its path — it is plagued by false alarms, manageability problems and a lack of prevention capability.
The next generation of IDS is IPS (intrusion prevention systems), but again, a number of IPS solutions on the market are little more than repackaged IDS products — they look fierce but lack the capabilities to detect, and hence prevent, intrusions.
Effective IDS/IPS products must both detect AND prevent. To do so, they must be inline (in the data path) so that they are fully integrated with the network and deeply involved in dataflow processing. They must detect efficiently and with high accuracy, for example by utilising multiple detection mechanisms (common IDS solutions in the market offer only one or at most two), thereby reducing false alarms (known as false positives). A centralised, policy-based rather than device-based management capability can collect, aggregate and make sense of log data, enabling the administrator to exercise better control and planning.
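As an added illustration (not NetScreen's product code and not part of the original article), the following Python sketch models the three properties the paragraph asks for: an inline verdict on every packet, more than one detection mechanism with a corroboration rule to cut false positives, and a central, policy-driven log that aggregates sensor events. The sensor name, policy keys, signature pattern, rate threshold and traffic are all constructed for the demo and are not real signatures or product settings.

```python
"""Added example, not NetScreen's or the article's own code.

Models an inline sensor that applies two independent detection
mechanisms (signature match and per-source rate) and reports to a
central, policy-based log. All packets, signatures and thresholds
are constructed for the demo.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    payload: bytes


@dataclass
class Event:
    sensor: str
    src: str
    mechanisms: tuple[str, ...]  # which detectors fired on this packet
    verdict: str                 # "forward" or "drop"


class CentralLog:
    """Aggregation point shared by all sensors (centralised management)."""

    def __init__(self) -> None:
        self.events: list[Event] = []

    def record(self, event: Event) -> None:
        self.events.append(event)

    def summary(self) -> dict[str, int]:
        """Verdict counts across every sensor, the view an admin plans from."""
        return dict(Counter(e.verdict for e in self.events))

    def mechanism_counts(self) -> dict[str, int]:
        """How often each detector fired; shows which mechanism is noisy."""
        return dict(Counter(m for e in self.events for m in e.mechanisms))


class InlineSensor:
    """A sensor in the data path: every packet gets a verdict before forwarding.

    Policy keys (constructed for this example):
      mode: "inline" drops on a confident detection; "passive" only alerts,
            which is the sniffer-on-the-sidelines IDS behaviour.
      block_threshold: how many independent mechanisms must agree before a
            packet is dropped rather than merely logged.
      rate_limit: packets per source above which the rate detector fires.
    """

    # Mechanism 1: signature match. Placeholder pattern, not a real signature.
    SIGNATURES = {"CONSTRUCTED-SIG-001": b"CONSTRUCTED_BAD_PATTERN"}

    def __init__(self, name: str, policy: dict, log: CentralLog) -> None:
        self.name = name
        self.policy = policy
        self.log = log
        self.seen: Counter = Counter()  # per-source packet counts (mechanism 2)

    def _signature(self, pkt: Packet) -> bool:
        return any(pat in pkt.payload for pat in self.SIGNATURES.values())

    def _rate(self, pkt: Packet) -> bool:
        self.seen[pkt.src] += 1
        return self.seen[pkt.src] > self.policy["rate_limit"]

    def inspect(self, pkt: Packet) -> str:
        # Both detectors always run; the tuple literal evaluates them eagerly.
        checks = (("signature", self._signature(pkt)), ("rate", self._rate(pkt)))
        fired = tuple(name for name, hit in checks if hit)
        if not fired:
            return "forward"
        confident = len(fired) >= self.policy["block_threshold"]
        verdict = "drop" if confident and self.policy["mode"] == "inline" else "forward"
        self.log.record(Event(self.name, pkt.src, fired, verdict))
        return verdict


def run_demo(mode: str = "inline", block_threshold: int = 2) -> tuple[list[str], CentralLog]:
    """Push constructed traffic through one sensor; return verdicts and the log."""
    log = CentralLog()
    policy = {"mode": mode, "block_threshold": block_threshold, "rate_limit": 3}
    sensor = InlineSensor("edge-1", policy, log)
    traffic = [Packet("10.0.0.5", b"GET /index.html")] * 2      # benign
    traffic += [Packet("10.0.0.7", b"CONSTRUCTED_BAD_PATTERN")]   # signature only
    traffic += [Packet("10.0.0.9", b"x")] * 3                     # exactly at rate limit
    traffic += [Packet("10.0.0.9", b"CONSTRUCTED_BAD_PATTERN")]   # signature + rate
    verdicts = [sensor.inspect(p) for p in traffic]
    return verdicts, log


if __name__ == "__main__":
    verdicts, log = run_demo()
    print(verdicts, log.summary(), log.mechanism_counts())
```

With the default policy (two mechanisms must agree) the single-mechanism hit from 10.0.0.7 is logged but forwarded, while the packet from 10.0.0.9 that trips both detectors is dropped; lowering `block_threshold` to 1 drops both, and switching `mode` to "passive" reproduces an IDS that alerts but never blocks.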
Return on investment is a significant bonus on top of the added security. It has been found that many companies deploying IPS experience an ROI of up to 80 per cent in the first year of IDP over a passive IDS deployment.
Paul Serrano is senior director of marketing, NetScreen