In simpler times, simpler security tools were enough – stick a firewall at the edge of the network and relax. But threats multiplied and became more sophisticated.
“Now the attacks are so vicious and so quick that by the time the customer goes to the intrusion detection system it’s already happened and it’s too late,” says Jordan Kalpin, Canadian regional manager for Internet Security Systems at IBM Canada Ltd. in Markham, Ont. “So in effect the intrusion detection system, because it didn’t block anything, became a forensics tool that they went to after the fact to see exactly what happened.”
So intrusion prevention systems (IPS) – designed not just to monitor network activity but to block suspicious traffic inline – have largely supplanted intrusion detection systems (IDS). But even they struggle to keep up with evolving threats and faster networks.
Gigabit connections between internal data centres are giving way to 10-gigabit connections, says James Collinge, director of product line management at IPS vendor TippingPoint, a unit of 3Com Corp. in Marlboro, Mass. External connections may be anything from T1 speeds to 100 megabits per second.
Support for 10-gigabit throughput is “a big focus right now,” says Michelle Perry, chief marketing officer at Columbia, Md.-based Sourcefire Inc. TippingPoint recently launched a Core Controller that can distribute traffic on a 10-gigabit link across multiple IPSs – eliminating the need to replace older IPS gear, Collinge says.
IPSs are also spreading from the perimeter throughout the network. “One of the things that we’re seeing more is the need to protect the core of the network as well,” observes John Yun, product marketing manager at Sunnyvale, Calif.-based Juniper Networks Inc. Infected laptops or memory sticks may introduce threats from inside. Strategically placed IPSs can stop them spreading.
Customers’ networks are easier to keep up with than the proliferation of threats.