Wednesday, August 1, 2007

Choosing the Right Intrusion Prevention System (1)


Intrusion prevention systems are helping organizations prevent external attacks and decrease IT security costs. However, choosing the right system is a must for organizations, as they continue to struggle through more sophisticated network attacks and vulnerabilities.

By Jon Oltsik, Senior Analyst, Enterprise Strategy Group

For many organizations, modern networking is a challenging process: As the network becomes more essential for business operations, users can expose organizations to dangerous security risks and threats. Although perimeter firewalls do a good job of thwarting external attacks, additional security measures may be needed to protect networks from hacking attempts and other threats. For example, according to research conducted in 2005 by IT analyst firm Enterprise Strategy Group (ESG), 66 percent of organizations surveyed said they were impacted by an automated Internet worm in the previous 12 months, and more than half were attacked more than twice. Of the 251 North American companies that participated in the survey, 96 percent claimed they had a firewall in place.

To protect computer networks from external attacks more effectively, many IT departments use intrusion prevention systems (IPSs) — software programs that detect suspicious network behavior. During the control assessment process, IT auditors may work with security professionals when identifying ways to help organizations enhance internal network security. As a result, auditors need to familiarize themselves with the benefits offered by IPSs and the factors companies need to keep in mind before investing in intrusion prevention technology.


The Internet has changed the way many organizations view network security. Although Internet-based applications and communications have helped organizations boost revenue, streamline processes, and manage costs, Internet use has opened the door to hackers and malicious code attacks. Similarly, telecommuting has increased the risk of Internet-based security breaches, thus impacting corporate network security efforts. For example, employees working from home or another remote location may not have the latest antivirus software definitions installed on their desktops or laptops. Therefore, when the employee's laptop becomes infected with a worm, the laptop can easily infect other computers once it reconnects to the network. Furthermore, Internet-based attacks can reduce work productivity. When a worm or Trojan infiltrates a corporate network, security staff may take critical business systems offline — sometimes for extended periods of time — preventing employees from accessing needed systems and applications.

To minimize network security risks, many companies are using IPS applications that sit on the network, examine traffic, and block malicious or suspect code. Some security experts consider IPS technology to be an extension of intrusion detection systems — software or hardware that detects and logs inappropriate, incorrect, or anomalous activity. However, IPS programs go one step further by preventing potentially malicious activity at the host level and making access control decisions based on an application's content, rather than an Internet Protocol address or port. IPS programs are also more effective, automated, and efficient than other security solutions: If configured correctly, they can eliminate the need for, and high cost of, emergency system patching by blocking specific exploits.
