Next-generation intrusion prevention: The power of an integrated system

Previous tips in this series introduce the concept of an attack timeline and propose that next-generation intrusion prevention systems need to account for the full range of technologies and processes associated with its primary periods: pre-attack, time-zero and post-attack.

Of course, there is already evidence of the recognition for this need in the security market. Various vendors initially focused on one segment of the timeline have gone on to offer products addressing multiple sub-periods or even wholly different periods. Still others have attempted to achieve a similar result through complementary partnerships. However, in either case, the result to date has only been a relatively loose coupling or integration of disparate parts. What is needed for a true, next-generation system of intrusion prevention is a more thorough scope and depth of integration. Ideally, components in one period should provide benefits to components in each of the other periods. A minimum set of integration points that meet this objective would include the following:

Obviously, having this degree of integration is significant because it yields a more effective solution – one where the total is truly greater than the sum of the pieces. In part, this enhanced effectiveness can be attributed to the additional layers of automation that are achieved. After all, it is quite clear that today's fast moving worms and viruses are no match for defenses that depend on even a single manual reaction – not to mention the more common scenario of req

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information (all fields required):

First Name:
Last Name:
Country: Select... Afghanistan Aland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory British Virgin Islands Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, Democratic Republic of Cook Islands Costa Rica Cote D'Ivoire Croatia Cuba Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia, The Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard and McDonald Islands Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, North Korea, South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Man, Isle of Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine Panama Panama Canal Zone Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Reunion Romania Russia Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia and Montenegro Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu U.S. Minor Outlying Islands Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Virgin Islands Wallis and Futuna Islands Western Sahara Yemen Zambia Zimbabwe
Email Address:

I would like to receive a FREE subscription to Information Security magazine online.
YesNo

Do you manage, evaluate, recommend, implement, support or purchase security products, software or services?
YesNo

Please estimate the yearly security budget for your entire organization including all security products and services.
Please select... Over $10 Million $5 Million-$10 Million $1 Million-$4.9 Million $500,000-$999,999 $100,000-$499,999 $50,000-$99,999 $25,000-$49,999 $10,000-$24,999 Less than $10,000 None

What is your role in purchasing IT related products and services? (Check all that apply)
Technical decision maker
Financial decision maker
Recommend/Specify
Evaluate products
Implement Products/Services
Determine Needs
Create Security Strategy
None

By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

But even automation is subservient to and even dependent upon a much more significant prerequisite. Specifically, the role that establishing context plays in the success of next-generation intrusion prevention should not be under-estimated. Comprehensive and timely information about the particular environment that is being protected is the essential ingredient that underlies improved effectiveness. It affords better accuracy of detection and determination of relevancy while also facilitating greater automation by reducing the occurrence of false positives. Without such context, all of the other enhancements merely result in a more effective communication prevention system.

A closing thought has to do with appropriate terminology. The next-generation system of intrusion prevention that I've described can just as easily be called a Threat Protection System or even a Threat and Vulnerability Management System. For that matter it can be referred to by any other similar term that captures the extensive nature of its scope. The difference in these labels boils down to semantics and is mostly a matter of perspective. The underlying characteristics are the important distinction (e.g., scope, context and integration) and these should therefore be the focal point of enterprises striving for greater effectiveness in their information security endeavors.

[TABLE]

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Network Intrusion Detection (IDS),   Network Intrusion Detection and Analysis,   Enterprise Network Security,   Network Intrusion Prevention (IPS),   Network Security Tactics,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Intrusion Detection (IDS) SIMs tools and tactics for business intelligence IPS and IDS deployment strategies Know when you need IDS, IPS or both Trend Micro to acquire Third Brigade for virtualization, cloud security New product aims to control rogue applications that avoid firewalls How to perform a network forensic analysis and investigation What is the cause of an 'intrusion attempt' message? Host-based intrusion prevention addresses server, desktop security Intrusion detection vs. intrusion prevention Product review: AirDefense Enterprise 7.3 Network Intrusion Detection (IDS) Research Network Intrusion Prevention (IPS) Lesson 1 quiz: Risky business Hacker attack techniques and tactics: Understanding hacking strategies SIMs tools and tactics for business intelligence IPS and IDS deployment strategies Know when you need IDS, IPS or both Trend Micro to acquire Third Brigade for virtualization, cloud security What are the best practices for IPS implementation? Host-based intrusion prevention addresses server, desktop security Intrusion detection vs. intrusion prevention IBM announcements mark two years of ISS marriage Network Intrusion Prevention (IPS) Research Network Security Tactics Screencast: Samurai offers pen-testing nirvana Firewall rule management best practices Chained Exploits: How to prevent phishing attacks from corporate spies Rootkit Hunter demo: Detect and remove Linux rootkits Enterprise UTM security: The best threat management solution? Making the case for network security configuration management An inside look at security log management forensics investigations How to find sensitive information on the endpoint How to perform Microsoft Baseline Security Analyzer (MBSA) scans How to spot attacks through Apache Web server log analysis RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary computer forensics  (SearchSecurity.com) Diffie-Hellman key exchange  (SearchSecurity.com) Einstein  (SearchSecurity.com) HIDS/NIDS  (SearchSecurity.com) network behavior analysis  (SearchSecurity.com) ultrasound  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.