
NETWORK SECURITY TACTICS
Next-generation intrusion prevention: The power of an integrated system
Martin Roesch 09.12.2005
Rating: -2.67- (out of 5)




|
Previous tips in this series introduce the concept of an attack timeline and propose that next-generation intrusion prevention systems need to account for the full range of technologies and processes associated with its primary periods: pre-attack, time-zero and post-attack.
Of course, there is already evidence of the recognition for this need in the security market. Various vendors initially focused on one segment of the timeline have gone on to offer products addressing multiple sub-periods or even wholly different periods. Still others have attempted to achieve a similar result through complementary partnerships. However, in either case, the result to date has only been a relatively loose coupling or integration of disparate parts. What is needed for a true, next-generation system of intrusion prevention is a more thorough scope and depth of integration. Ideally, components in one period should provide benefits to components in each of the other periods. A minimum set of integration points that meet this objective would include the following:
Obviously, having this degree of integration is significant because it yields a more effective solution – one where the total is truly greater than the sum of the pieces. In part, this enhanced effectiveness can be attributed to the additional layers of automation that are achieved. After all, it is quite clear that today's fast moving worms and viruses are no match for defenses that depend on even a single manual reaction – not to mention the more common scenario of req
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com

uiring multiple occurrences of "think time plus responsive action" to account for all of the different gaps in the vulnerability and threat management processes.
But even automation is subservient to and even dependent upon a much more significant prerequisite. Specifically, the role that establishing context plays in the success of next-generation intrusion prevention should not be under-estimated. Comprehensive and timely information about the particular environment that is being protected is the essential ingredient that underlies improved effectiveness. It affords better accuracy of detection and determination of relevancy while also facilitating greater automation by reducing the occurrence of false positives. Without such context, all of the other enhancements merely result in a more effective communication prevention system.
A closing thought has to do with appropriate terminology. The next-generation system of intrusion prevention that I've described can just as easily be called a Threat Protection System or even a Threat and Vulnerability Management System. For that matter it can be referred to by any other similar term that captures the extensive nature of its scope. The difference in these labels boils down to semantics and is mostly a matter of perspective. The underlying characteristics are the important distinction (e.g., scope, context and integration) and these should therefore be the focal point of enterprises striving for greater effectiveness in their information security endeavors.
[TABLE]
 |

|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com. Register now
to start rating these tips. Log in if you are already a member.
|


');
// -->
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
 |
|
|
 |
|
 |