By Leslie T. O’Neill on May 29th, 2007
IT security technology evolves quickly, forever trying to stay one step ahead of the myriad threats constantly bombarding enterprise networks. What started as intrusion detection systems (IDS) quickly morphed into intrusion prevention systems (IPS). Now many security vendors offer devices that integrate both technologies into a single appliance. The forward motion toward increasingly proactive protection continues. What does the near – and far – future hold for IDS/IPS technology?
A series of recent vendor announcements promise a spate of new IPS products on tap for 2007. They aim to extend intrusion prevention to all network endpoints and to even the largest carrier networks. On May 22 at the 2007 Interop conference in Las Vegas, both IBM and McAfee released information about coming IPSes that promise to perform at gigabit speeds.
IBM will launch the Proventia Network Intrusion Prevention System GX6116 by the end of this year’s second quarter. Designed for the core of larger enterprise and carrier networks, it will support throughput of as fast as 15Gbps, provide inspection for as much as 6Gbps of traffic, and protect as many as eight network segments. Similarly, McAfee announced the upcoming IntruShield 10 Gigabit Ethernet IPS appliances, which will launch in the second half of 2007. These are built for 10GigE and IPv6 networks and will perform as fast as 10Gbps. Also, in February, Austin-based IPS vendor TippingPoint revealed its plans for an IPS for laptops; this solution would close the gap often opened up when guest users log on to corporate networks.
According to Sanjay Beri, senior director of product management at Juniper Networks, a Sunnyvale, Calif., IT infrastructure vendor, these announcements are just the beginning.
“There is a lot more custom hardware being developed to attack the challenges of increasing performance and scaling to multigig,” he says.
Research and development labs are hard at work on the software end of IDS/IPS products as well. It is no longer enough simply to match signatures and patterns against the traffic entering the network. Vendors are looking for ways to improve detection methods – and decrease the number of false positives, a problem that has always plagued IDS technology – by analyzing protocols and looking for anomalies, for instance.
And IDS/IPS is being guided by what’s coming next for the consumer market: services that will be delivered over IP networks, most immediately IPTV and VoIP. These services will be vulnerable to the same attacks that any IP network can succumb to – the phone network and cable network will be open to threats in a way that consumers have never experienced.
“It’s not talked about much, but it is front and center in providers’ minds – they understand the danger of rolling out consumer services on IP,” says Beri. “There is research and development going into IPS products to protect these services.”
One computer science researcher is even looking to apply a theory about how the human immune system functions – called the Danger Theory – to IDS technology. Dr. Uwe Aickelin, an associate professor at the University of Nottingham in England, is working with HP Labs in Bristol. He’s developing an IDS that listens for “distress signals from besieged computers,” explains the New Scientist in its May 2006 issue. According to the Danger Theory, the human immune system only attacks foreign molecules when they become a danger; this may be how our bodies accept the proteins we eat and why a pregnant woman’s body does not attack her fetus. Aickelin’s notion is for the new IDS technology to scan the network for events that may become a danger, such as sudden increases in network traffic. He hopes this will also reduce the number of false alarms reported by an IDS.
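To make the false-positive argument of the two passages above concrete, here is a small added illustration (not Aickelin’s or HP Labs’ code, and not an implementation of their system): a toy detector that treats a signature match as the “foreign molecule” and a sudden traffic spike, measured as a z-score against a sliding baseline, as the “danger signal”, and only alerts when both coincide. The traffic buckets, the window size and the threshold are all constructed values chosen for the demonstration.

```python
from collections import deque
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Bucket:
    t: int          # constructed time bucket index
    bytes_in: int   # constructed traffic volume for that bucket
    sig_hit: bool   # True if a signature/pattern match fired in that bucket


class DangerGatedIDS:
    """Raise an alert only when a signature hit coincides with a danger signal.

    The danger signal is a traffic spike: the current bucket's volume exceeds
    the sliding-window mean by more than z_threshold standard deviations.
    Signature hits during normal traffic are suppressed as likely false alarms.
    """

    def __init__(self, window: int = 10, z_threshold: float = 3.0):
        self.z_threshold = z_threshold
        self.history = deque(maxlen=window)   # recent bytes_in values

    def danger_signal(self, bytes_in: int) -> bool:
        if len(self.history) < self.history.maxlen:
            return False                      # no full baseline yet
        sd = pstdev(self.history) or 1.0      # guard against a flat baseline
        return (bytes_in - mean(self.history)) / sd > self.z_threshold

    def process(self, buckets):
        alerts = []
        for b in buckets:
            if b.sig_hit and self.danger_signal(b.bytes_in):
                alerts.append(b.t)
            self.history.append(b.bytes_in)   # update baseline after judging
        return alerts


def signature_only(buckets):
    """Plain pattern matching: every signature hit becomes an alert."""
    return [b.t for b in buckets if b.sig_hit]


def run_demo():
    # Constructed sample: ten quiet buckets, a signature hit at t=10 under
    # normal load (probable false positive), then a hit during a spike at t=11.
    quiet = [1000, 1020, 980, 1010, 990, 1005, 995, 1015, 985, 1000]
    buckets = [Bucket(t, v, False) for t, v in enumerate(quiet)]
    buckets += [Bucket(10, 1010, True), Bucket(11, 5200, True), Bucket(12, 4900, False)]
    return signature_only(buckets), DangerGatedIDS().process(buckets)
```

Running `run_demo()` shows the signature-only detector firing at t=10 and t=11, while the danger-gated detector keeps only the t=11 alert, the one that coincided with a traffic spike.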