Intrusion Prevention: Protecting Network Applications, Infrastructure, and Performance
At its most basic level, an intrusion prevention system (IPS) is an inline device that blocks an attack before it can reach its target. Unlike an intrusion detection system (IDS), an intrusion prevention system acts proactively. The intrusion prevention system performs total packet inspection, enabling a range of analysis and traffic classification functions. Some IPSs—such as those from TippingPoint, a division of 3Com—also give IT staff strategic options for reporting, alerting, and Layer 2-7 packet handling (e.g., pass and track, pass and alert, or pass but rate limit).
Deployed anywhere it is needed in the network, intrusion prevention technology plays a growing role in network security, providing a layer of protection unavailable with other appliances. An IDS detects malicious traffic, but is not very successful at preventing attacks and can generate significant numbers of false positives. Similarly, firewalls were not designed to prevent malicious traffic. But an intrusion prevention system can reduce emergency patches and ad-hoc remediation frenzies. And unlike a firewall, an intrusion prevention system passes all packets except those it has a reason to block. As trends grow toward network convergence, blended threats, and application-level attacks, intrusion prevention technology can prevent problems without sacrificing network performance.
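The IDS/IPS distinction and the handling options named above (block, pass and track, pass and alert, pass but rate limit), as an added illustration that is not 3Com/TippingPoint code: a toy inline engine whose filter names, signature string and packet trace are all constructed. Run in IPS mode it drops the signature hit and the fourth SYN of a burst; the same engine in IDS mode raises identical alerts but forwards every packet, and anything no filter matches is passed by default.

```python
from collections import defaultdict

# Packet-handling options the page names; in IDS mode a BLOCK verdict is logged but the packet still passes.
BLOCK, PASS_TRACK, PASS_ALERT, PASS_RATE_LIMIT = "block", "pass+track", "pass+alert", "pass+rate-limit"
class TokenBucket:  # rate limiter for pass-but-rate-limit: one token per packet, refilled at `rate` per second
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, burst, 0.0
    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last, ok = now, self.tokens >= 1
        self.tokens -= ok  # an allowed packet spends one token (True counts as 1)
        return ok
class InlineEngine:  # mode="ips" drops what a filter blocks; mode="ids" raises the same alert but forwards everything
    def __init__(self, filters, mode="ips", syn_rate=2, syn_burst=3):
        self.filters, self.mode = filters, mode
        self.buckets = defaultdict(lambda: TokenBucket(syn_rate, syn_burst))  # one bucket per source address
        self.alerts, self.tracked = [], defaultdict(int)
    def process(self, pkt):
        on_violation = "drop" if self.mode == "ips" else "pass"
        for name, match, action in self.filters:
            if not match(pkt):
                continue
            if action == BLOCK:
                self.alerts.append((name, pkt["src"]))
                return on_violation
            if action == PASS_ALERT:
                self.alerts.append((name, pkt["src"]))
            elif action == PASS_TRACK:
                self.tracked[(pkt["src"], pkt["dport"])] += 1
            elif action == PASS_RATE_LIMIT and not self.buckets[pkt["src"]].allow(pkt["t"]):
                return on_violation
        return "pass"  # default permit: whatever no filter objects to is forwarded
def pkt(t, src, dport, flags="A", payload=b""):
    return {"t": t, "src": src, "dport": dport, "flags": flags, "payload": payload}
FILTERS = [  # hypothetical filter set; the match string is constructed, not a real signature
    ("constructed-signature", lambda p: b"CONSTRUCTED-BAD-SIGNATURE" in p["payload"], BLOCK),
    ("syn-flood-guard", lambda p: p["flags"] == "S", PASS_RATE_LIMIT),
    ("telnet-use", lambda p: p["dport"] == 23, PASS_ALERT),
    ("new-smtp-flow", lambda p: p["dport"] == 25 and p["flags"] == "S", PASS_TRACK),
]
TRACE = [  # constructed sample trace: (seconds, source, destination port, TCP flag, payload)
    pkt(0.0, "10.0.0.5", 25, "S"), pkt(0.1, "10.0.0.5", 23, "S"), pkt(0.2, "10.0.0.9", 80, payload=b"GET /"),
    pkt(0.3, "10.0.0.9", 80, payload=b"CONSTRUCTED-BAD-SIGNATURE"), pkt(0.40, "10.0.0.7", 80, "S"),
    pkt(0.41, "10.0.0.7", 80, "S"), pkt(0.42, "10.0.0.7", 80, "S"), pkt(0.43, "10.0.0.7", 80, "S"),
]  # the fourth SYN from 10.0.0.7 within 30 ms exhausts its burst of 3 tokens
def run(mode):  # returns per-packet verdicts, alert count and tracked flows for one engine mode
    eng = InlineEngine(FILTERS, mode)
    return [eng.process(p) for p in TRACE], len(eng.alerts), dict(eng.tracked)
```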
Choosing the best IPS for your network requires critical evaluation on three criteria.
- Performance: What are the system’s throughput, reliability, and latency characteristics? How well does it protect against attacks, and avoid false positives?
The leading independent security testing laboratory, The NSS Group, rated the TippingPoint IPS latency and user response times as “exceptional”. With throughput speeds up to 5 Gbps, the TippingPoint IPS moves packets through a total packet flow inspection at Layers 2-7 with a bounded latency of less than 215 µs.
The NSS Group rated the TippingPoint solution “impeccable, with 100 percent of attacks being detected and blocked under all conditions”. Its accuracy applies to legitimate traffic too—NSS rated it out-of-the-box as 100% resistant to false positives. Comprehensive content-based and rate-based security includes protection against unknown vulnerabilities and DoS, DDoS, and flooding attacks.
- Protection: How accurate is the intrusion prevention system? Can it protect against a broad range of attacks? How fast can it respond to new threats? Attackers never stop: how well does the vendor keep the system updated?
Automatic, real-time inoculation with the TippingPoint Digital Vaccine™ is delivered by the company’s security team, the primary author of the weekly SANS @RISK newsletter. The team uses its up-to-the-minute information on emerging vulnerabilities to develop new attack filters, which it incorporates into Digital Vaccines that it delivers to TippingPoint customers weekly (sooner if needed). These filter updates can be deployed automatically, on a scheduled basis.
- Management: How easily can the IPS be controlled? What features are available for management, configuration, and tuning? How quickly can the intrusion prevention system be installed and tuned for the network?
The NSS Group said of the TippingPoint IPS, “The management system is powerful and flexible, yet easy and intuitive to use. The profile editor is the best we have seen on any IPS/IDS device.”
Advanced capabilities maximize availability from the moment of installation. The TippingPoint IPS’s comprehensive discovery and pre-set filters allow instant deployment, with no tuning required. The NSS Group gave it “the highest out-of-the-box score in all our signature recognition, false negative, and false positive tests.”
3Com IPS, security switches, perimeter firewalls, host-based embedded firewall, and network infrastructure products provide pervasive security throughout a network. Find out more or call us at 1-800-638-3266.