Date : 2005-07-27

IPS, the Next Generation of Firewall

Intrusion Prevention Systems (IPS) have recently been recognized as the greatest savior of network security for enterprises and corporations alike. Unlike an Intrusion Detection System (IDS), which passively inspects and filters suspicious and misbehaving packets coming through the network, IPS devices are capable of providing instant, proactive inspection and protection against the activities of perpetrators and intruders by either dropping packets on the spot or resetting connections. Additionally, many of the concerns voiced about IDS and IPS are based on misconceptions, such as the market hype about whether an IPS blocks or does not block, rather than creating alarms like a traditional IDS. The reality is that most IPS products nowadays will block only a certain number of attacks and will provide alerts for the rest of the hazardous traffic that they observe.

There is now a strong feeling in the industry that the only effective protection for any network is inline and reactive. Staffing levels and financial plans dictate that companies need a strong return on investment for their security expenditure. Most organizations are not able to allocate enough human resources dedicated to monitoring an IDS, and even if they can, these MIS staff are unable to react quickly enough to a threat to protect valuable corporate assets. Many corporate MIS departments are extremely wary of deploying any type of IDS solution inline because of concerns about the network ceasing to function; however, modern IPS solutions have come a long way from the early days of IDS, when false positives were the bane of every security team's existence.

Why is IPS now worth considering by any corporation? It can be narrowed down to four major reasons:

• The technology is constantly advancing, in both the underlying paradigms and the quality of the products.
• Internet threats are becoming more sophisticated and more severe.
• People have started to use it, so it is more “bedded in”, with more user experience.
• The total cost of ownership is falling due to increased competition between different solution providers, reflected in the upfront price of the device and in the installation effort required.

In conclusion, all security products, as any firewall administrator will agree, suffer from being blamed when there are network problems. In the early days of commercial firewalls, whenever there was a network problem the firewall always got the blame; the same is true for IPS and will continue to be for some time. While there are still problems in bridging the credibility gap, an IPS device is able to provide protection that cannot be substituted by any other security device, and it is protection that companies increasingly need because of the way the threat is evolving. The question should no longer be “Can I trust an IPS?” but rather, “Can I afford not to?”
