For years the two principal pillars of network security have been the firewall and the anti-virus system. Many enterprises are now adding a third pillar — the intrusion prevention system (IPS).
A recent report from research firm Infonetics pegged the global IPS market at US$ 128 million in total revenue last year. That isn’t huge compared to other technologies, but IPS is going to get bigger. Between 2004 and 2008, the Infonetics report predicted the IPS market would grow by about 39 per cent a year.
It’s easy to see why IPSes are gaining in popularity. A May attack on Atlanta-based credit card processing firm CardSystems, that left up to 40 million credit card numbers exposed, showed the potential consequences of an inadequate network security plan. CardSystems’ entire business is now in jeopardy, with Visa and American Express saying they will no longer use the company to process their cards.
So what exactly is an IPS? In a nutshell, it’s a system that can be either hardware- or software-based, that identifies attacks on the network and can take action to shut those attacks down.
Unlike a firewall, which is configured to block certain services, an IPS inspects network traffic flows and takes action only if it detects suspicious activity, says Ross Armstrong, a senior research analyst with Info-Tech Research Group in London, Ont. “An IPS might block all traffic from an originating IP address, or shut down vulnerable software services if a threat is detected,” he explains.
Some IPSes are appliance-based devices that reside in front of an enterprise firewall. Others are software-based agents that can be installed at important points on the network. Which device is right for an enterprise will vary depending on the individual network, Armstrong says.
“With a host-based IPS, agents that reside on servers, you might want those for databases where you do a lot of financial transactions,” he says. “That’s where your critical data is.”
The IPS is an evolution of the intrusion detection system (IDS), which has been around a lot longer, Armstrong notes. The main difference between the two is that an IPS can take action based on events, whereas an IDS would just issue an alarm if it detected suspicious activity.
“With the IDS it was all purely reactive,” Armstrong says. “The IPS is definitely proactive.”
There are a wide range of vendors offering IPS systems, including TippingPoint (owned by 3Com), McAfee, Juniper Networks, Cisco, Symantec, SourceFire, StoneGate, Secureworks and Radware.
While an IPS will improve an enterprise’s security, it won’t make other security devices, such as firewalls and anti-virus systems, obsolete, Armstrong notes.
“It’s just part of a multi-layered security strategy for enterprise or medium-sized business customers,” he says.