

Wednesday, August 1, 2007

Choosing the Right Intrusion Prevention System (3)


Although networkwide IPS devices enhance perimeter protection, they only provide one security layer. Given today's business requirements and threat landscape, auditors can help organizations establish a comprehensive threat management security infrastructure that improves the effectiveness of IPS programs and other security tools, such as firewalls and antivirus software, through better integration. This comprehensive threat management security infrastructure should include:

  • Regular risk assessments. As the business saying goes, "You can't manage what you don't measure." This is especially true in IT security, where a new application or system configuration change can turn a secure enterprise into melted cheese. To alleviate this risk, companies should conduct risk assessments, gap analyses, and network scans on a regular basis and implement stop-gap controls immediately. Companies also should consider automating these processes so risks and internal control gaps are discovered in real time.
  • Deep security intelligence. Strong security is more than just detecting and preventing attacks. In an ever-changing threat landscape, security groups must anticipate the attack vectors that could impact their IT assets, employees, or business processes. To stay ahead of criminal or unauthorized activity, security defenses should gather ongoing intelligence about malicious Internet activities, geographic events, and targeted industry attacks, as well as distribute this information to the appropriate personnel.
  • Specific application safeguards. Although protecting the network is critical, many of today's attacks are directed at business systems such as e-mail and Web-based applications, where a system breach could cripple communications, impact revenue, or lead to the theft of confidential data. To assuage this risk, companies must put explicit application safeguards in place, such as application-layer gateways and tight access controls.
  • Desktop protection. In the escalating war between the security industry and black hat community, one constant remains: Infected PCs often help to propagate malicious code. To address this threat, companies need to implement desktop security software, stay current with software signatures, and scan machines regularly to check for malicious code. Organizations should enforce this behavior by implementing end-point integrity solutions that inspect PC configurations and hard drive statuses before allowing access to the corporate network.
  • Management integration. To protect critical business processes, information security technologies must evolve from independent pieces to an integrated architecture. This will require messaging communications, event correlation, policy management, and centralized reporting. The ultimate goal should be an integrated security architecture that maximizes protection, automates processes, and lowers costs.

A comprehensive security model that incorporates the guidelines above will help companies maximize the use of IPS programs and protect critical assets — from desktops to data centers — while minimizing business risks.


In addition to perimeter firewalls, IPS technology has become a proven line of defense for networks. For many organizations, it is no longer a case of whether or not they will implement an IPS; it is a question of when they will deploy it and how many systems they will need. However, like any application on the corporate network, IPS technology must be reliable, scalable, and manageable. Furthermore, it is important to look at intrusion prevention as a virtual network service rather than a stand-alone security device. In this context, IPS programs must fit seamlessly into existing networks, offer advanced protection, provide flexible configuration options, and aggregate into an enterprise-class architecture. Following the recommendations above will not only help organizations implement a layered security infrastructure that incorporates effective IPS technology, but will also help IT auditors keep abreast of network security tools that meet corporate needs and stay ahead of external threats.

Jon Oltsik is a senior analyst at Enterprise Strategy Group (ESG) and has expertise in security management and technology. Prior to joining ESG, Oltsik was the founder and principal of Hype-Free Consulting and served as vice president of marketing and strategy at GiantLoop Network. Oltsik was also a senior analyst at Forrester Research, where he conducted studies on different infrastructure and IT topics.