News, Analysis and Opinion for Network intrusion detection and prevention (IDS-IPS)

August 20, 2019 20 Aug'19

Why is patch management important?

Borderless networks present new challenges for security pros. Andrew Froehlich explains how this trend makes patch management even more important.

August 05, 2015 05 Aug'15

Security machine learning methods needed to adapt to evolving threats

Data science can sort through huge data stores in order to find and stop advanced attackers and malware, but new methods are needed to make sure the machine learning keeps up with evolving threats.

June 03, 2015 03 Jun'15

Adversaries never sleep: unknown malware downloaded every 34 seconds

In its 2015 Security Report, Check Point Software has found adversaries are exploiting the ease of creating unknown malware to boost the chance of a successful attack, and sandboxing adoption may be the best way to mitigate risk.

May 21, 2015 21 May'15

Too many false positives, security alerts inundate enterprise, study says

A new study shows enterprises with security analytics are confident in their threat detection capabilities, while those without are overwhelmed by copious false positives and alerts.

April 29, 2015 29 Apr'15

Port monitoring critical to detecting, mitigating attacks using SSL

As SSL traffic increases, so inevitably will the number of attacks using it to hide. A session at RSA Conference 2015 explained why hackers love SSL, and how enterprises can defend against them.

March 09, 2015 09 Mar'15

For threat intelligence programs, ROI evaluation proves tricky

Threat intelligence programs are taking root in many enterprises, but experts say variables like disparate service offerings, pricing models and response capabilities make ROI evaluation a vexing proposition.

March 04, 2015 04 Mar'15

Big data security analytics: Can it revolutionize information security?

Demetrios Lazarikos describes the security big data system he implemented at retail giant Sears, as well as how it helped thwart retail fraud activity and how he convinced executives to support the implementation.

February 26, 2015 26 Feb'15

HP: Threat intelligence sources need vetting, regression testing

According to HP Security Research, threat intelligence best practices can be difficult to implement, and even the most trustworthy sources must be tested for fidelity.

February 23, 2015 23 Feb'15

Cisco touts OpenAppID for internal application traffic visibility

Use of Cisco's OpenAppID application-layer traffic-detection tool is still modest compared to Snort, but the networking giant says it can help enterprises improve traffic visibility on internal applications.

February 13, 2015 13 Feb'15

Security information sharing: A double-edged sword

News roundup: While data sharing can boost intelligence and improve security, recent events show the benefits don't always outweigh the pitfalls. Plus: Chip-enabled POS systems coming quickly; MongoDB databases exposed; sophisticated phishing scams.

June 24, 2014 24 Jun'14

On prevention vs. detection, Gartner says to rebalance purchasing

At its annual security confab, the research giant said enterprises buy too much threat prevention and not enough detection and response technology.

March 10, 2014 10 Mar'14

How will Cisco-Sourcefire security combo affect Cisco product roadmap?

New Cisco CTO Martin Roesch says the Cisco product roadmap for network security will include a robust NGFW using Sourcefire technology.

February 25, 2014 25 Feb'14

Cisco security strategy update: Cisco adds Sourcefire AMP to gateways

The networking giant unveils a new strategy highlighting Sourcefire technology, including new open source application firewall features for Snort.

February 19, 2014 19 Feb'14

Windows Error Reporting may provide intelligence to attackers

Attackers may be able to use Windows crash data to find their targets' weaknesses, but enterprises can turn the tables via better anomaly detection.

October 15, 2013 15 Oct'13

The role of the enterprise intrusion prevention system in APT defense

One research group says an enterprise IPS can't help detect APTs. But network security expert Brad Casey explains why that isn't necessarily true.

May 21, 2013 21 May'13

Sourcefire updates malware detection, malware analysis capabilities

New features for detecting and analyzing malware in Sourcefire's FireAMP and FirePOWER products supplement flagging signature-based antimalware.

March 20, 2013 20 Mar'13

Research highlights speed, frequency of ICS security attacks

A new Trend Micro study using honeypots for research highlights an alarming number and variety of attempted ICS security breaches.

July 02, 2012 02 Jul'12

Botnet infections in the enterprise have experts advocating less automation

Having skilled IT pros closely monitoring intrusion prevention systems to investigate network traffic anomalies can reduce infections, experts say.

February 08, 2012 08 Feb'12

Marty Roesch pushes collective analysis, underscores cyberthreat intelligence

Sourcefire CTO Marty Roesch introduced cloud-based analysis for threat intelligence gathering. Network security monitoring platforms like RSA NetWitness may be headed in a similar direction.

November 01, 2011 01 Nov'11

Next generation SIEM could boost network visibility, but platforms must scale, experts say

Can security information and event management systems be the foundation for comprehensive IT data analytics? Powerful correlation engines and sharper analytical capabilities are forthcoming, analysts say.

October 13, 2011 13 Oct'11

IT security pros acknowledge network security weaknesses, configuration issues

Improperly configured network devices and the inability to measure the network security posture make most IT organizations incapable of finding gaps in their systems, according to a new survey.

January 10, 2011 10 Jan'11

Testing firm finds increase in IPS security performance

NSS Labs, Inc. said tuning is crucial in improving network IPS effectiveness. Some vendors failed certain tests, leaving gaping holes in defenses, the testing firm said.

September 08, 2010 08 Sep'10

Snort creator remains guiding force behind network detection system

Martin Roesch remains the guiding force behind nearly all of the improvements made to Snort, which is at the heart of Sourcefire's network detection system. Despite ...

July 28, 2010 28 Jul'10

Researchers uncover Cisco firewall vulnerabilities, McAfee console flaws

While the vendors have released patches, SecureWorks researchers told Black Hat 2010 attendees that many enterprises place too much trust in their security systems and fail to check them for basic vulnerabilities.

March 04, 2010 04 Mar'10

Experts laud IPS virtual patching, but warn against misuse

Virtual patching with intrusion prevention systems can offer a quick fix for vulnerabilities on an enterprise network, say experts at RSA Conference 2010, but the technique is no substitute for proper system and application patching.

March 02, 2010 02 Mar'10

White House declassifies CNCI summary, lifts veil on security initiatives

Summary document outlines ongoing initiatives to improve cybersecurity at the federal level as well as the security of the supply chain and private networks of critical infrastructure facilities.

July 16, 2008 16 Jul'08

NitroSecurity covers its bases with RippleTech deal

NitroSecurity Inc. will integrate log management and database activity monitoring with security incident and event management (SIEM).

March 03, 2008 03 Mar'08

TippingPoint introduces Core Controller to manage IPS appliances

As 10 gigabit networks grow, enterprises tackle the high cost of intrusion prevention

May 23, 2007 23 May'07

Sourcefire, Nmap deal to open vulnerability scanning

Sourcefire and Insecure.org have inked an agreement to develop open source vulnerability scanning tools based on Insecure's Nmap scripting engine.

May 18, 2007 18 May'07

Experts doubt Russian government launched DDoS attacks

Distributed denial-of-service attacks against Estonian computer systems probably originated from smaller groups in control of botnets rather than the Russian government, experts say.

May 03, 2007 03 May'07

When signature based antivirus isn't enough

Zero-day exploits, targeted attacks and increasing demands for endpoint application controls are driving the rapid metamorphosis from signature-based antivirus and antispyware to HIPS-based integrated products.

April 04, 2007 04 Apr'07

AT&T offers new malware security service

AT&T is now offering business customers a network-based security service that provides Web content and instant messaging filtering. Analysts say it's a step in the right direction.

January 30, 2007 30 Jan'07

TJX faces lawsuit over data breach

A class action lawsuit against TJX accuses the retailer of negligence for not doing enough to secure customer data and for keeping quiet about the breach for a month.

December 15, 2006 15 Dec'06

Review: Deep Security is a solid IPS

Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities.

December 14, 2006 14 Dec'06

Review: Lancope StealthWatch 5.5 offers more than IDS

Hot Pick: StealthWatch goes far beyond traditional intrusion detection, with powerful network-monitoring features. The optional IDentity-1000 is an essential addition.

November 07, 2006 07 Nov'06

Sourcefire IPO could fuel Snort, users say

Snort users frowned when Check Point tried to acquire Sourcefire last year. But they are more optimistic about Sourcefire's plans to go public.

November 03, 2006 03 Nov'06

Review: Arbor Networks' Peakflow X 3.6

Hot Pick: Peakflow isn't cheap and requires an intimate understanding of data flows, applications and network infrastructure. But the investment will pay dividends.

June 05, 2006 05 Jun'06

Security without firewalls: Sensible or silly?

The San Diego Supercomputer Center has had only one compromise in nearly six years, without using a firewall. The SDSC's security manager explains how.

April 26, 2006 26 Apr'06

To executives, intrusion defense is a hard sell

Security administrators say intrusion defense frustrates them not only because executives are reluctant to buy in, but also because even the top products have a long way to go.

November 15, 2005 15 Nov'05

IDS: Still head of the class in security education

Despite its "old school" image, a technologist at the CSI Computer Security Conference says intrusion detection offers quite an education in network security.

October 13, 2005 13 Oct'05

Snort users fear future under Check Point

With Check Point acquiring Sourcefire and its Snort open source IDS, users fear it may be the beginning of the end for one of the industry's most popular security tools.

August 10, 2005 10 Aug'05

Hybrid honeypots 'shadow' intrusion prevention systems

The new technology improves anomaly detection accuracy and relieves some of the headaches with current IPS and IDS tools. But it has its shortcomings.

August 08, 2005 08 Aug'05

New 'semantics-aware' IDS reduces false positives

Researchers develop new system to detect intrusions and reduce the number of false positives and botnets currently plaguing networks today.

August 01, 2005 01 Aug'05

Sourcefire offers Snort certification and online training

The security vendor creates new opportunity to show skills with its 3D System and the popular open source IDS.

July 07, 2005 07 Jul'05

REVIEW: Tripwire Enterprise provides robust, intrusion reporting

The costs can add up quickly, but Tripwire Enterprise is designed for large organizations that need to monitor thousands of devices.

December 30, 2004 30 Dec'04

Flaws affect Symantec's Nexland appliances

Vulnerabilities discovered in Symantec's Firewall/VPN and Gateway Security products last fall also affect the company's Nexland appliances.

November 15, 2004 15 Nov'04

Open-source IPS testing tool released

Free tool can gauge effectiveness, performance of IPS devices.

July 06, 2004 06 Jul'04

Signature-based threats: Moving beyond 'picking off penguins'

Network- and host-based IDS and AV products can provide more timely solutions to many threats that currently rely on signatures for detection.

June 21, 2004 21 Jun'04

Infosec officers dispute Gartner's technology "need" list

A Gartner recommendation of security technologies enterprises do and don't need is called into question by those in the trenches.

October 27, 2003 27 Oct'03

Coming soon: Intrusion detection cheat sheet from SANS

The SANS Institute is developing a Sysadmin Cheat Sheet for Detecting Intrusions, due out in December.

July 01, 2003 01 Jul'03

Opinion: 2003 Gartner Hype Cycle for infosec is wrong on IDS

Et tu, Gartner? The research firm's pronouncement that IDS is dead is just the latest Hype Cycle gone awry.

June 17, 2003 17 Jun'03

Users not so ready to declare IDS dead

Security admins and IT managers responding to a Gartner Inc. declaration that intrusion detection would be obsolete by 2005 aren't ready to fall in line with the research firm.

June 12, 2003 12 Jun'03

Gartner declares IDS obsolete by 2005

Gartner Inc. is predicting that intrusion-detection systems will be obsolete soon, and recommends enterprises migrate to firewalls that block attacks rather than alert.

December 23, 2002 23 Dec'02

Quick Takes: IntruShield evaluation perfect

The NSS Group Ltd. announced that IntruVert Networks' IntruShield 4000 intrusion detection system is the first to nab a perfect score in the group's evaluation, leading off this edition of Quick Takes.

December 10, 2002 10 Dec'02

Quick Takes: Sourcefire beefs up intrusion management system

Open-source intrusion detection specialists Sourcefire, home of Snort, announced this week the Sourcefire intrusion management system, leading off this edition of Quick Takes.

September 13, 2002 13 Sep'02

Tutorial test answers: Intrusion detection basics

Here are the answers to the intrusion detection basics test based on the tutorial Webcast.

June 18, 2002 18 Jun'02

Security Decisions: IDS, PKI, TCO and more

May 07, 2002 07 May'02

Quick Takes: Behavior-based IDS gets facelift

November 01, 2001 01 Nov'01

Recommendations for deploying an intrusion-detection system

Selection, placement and maintenance of intrusion-detection systems (IDS) are based on the requirements and current infrastructure of a company. One product may work well for one company and fail for the next...

July 18, 2001 18 Jul'01

Quick Takes: LANguard unique among intrusion detection

July 05, 2001 05 Jul'01

Quick Takes: IP360 focuses on intrusion prevention

Network intrusion detection and prevention IDS IPS