 |
| Trend Micro Next-Generation Intrusion Prevention System | Source: https://www.trenddefense.com/NGIPS.asp |
Overview
In today’s complex world of the cyber security landscape, choosing the next threat security prevention systems is just a simple differentiation of technical features, because out there in the open a lot of information security prevention systems are just waiting to be installed and implemented by any organizations. Information security risks increase day to day in number and scale of attacks as attackers become sophisticated and stealthier. Cybercrime attacks evolve, so does the need for defenses.
Balancing The Organization’s Needs with The
Business and Security Risks
The need for Next-Generation Intrusion Prevention Systems is
now more of a requirement than just a need in the face of the ever-evolving
security threats to businesses. It’s just a matter of embracing a change of the
role of IT personnel as an enabler of businesses instead of a blocker. It’s
just about balancing the organization’s needs with the business and security risks involved with modern applications. It’s just about acknowledging that the
present information security world around us has changed and simple security
prevention infrastructure can no longer protect businesses with an approach to
cybersecurity that worked well eons ago when web browsing and email were the
only applications on the internet.
How NGIPS Works
 |
| How the next-generation intrusion prevention system protects networks | Source: https://www.trendmicro.com/ |
The Next Generation Intrusion Prevention Systems (NGIPS) evolved from the traditional Intrusion Detection and Intrusion Prevention Systems (IDIPS). It delivers the industry’s best multi-layered threat protection at basically high inspection throughput rates. NGIPS collects details concerning network host configurations, operating system applications, user identity, and network behavioral actions, and traffic baselines. Since the evolvement of security threats, information security products and solutions seem to change day after day from year to year, and because of this rapid rate of change, it becomes difficult to trace which product is best suited to provide the exact solution for a specific threat environment. The Cisco FirePOWER NGIPS has attained the most significant security potency, achieved total resistance to circumvention, and competitive TCO (Total Cost of Ownership) resulting in a more “Recommended” ranking than any other vendor tested. Cisco FirePOWER NGIPS allows an organization to address the full attack continuum, before, during, and after the attack.
There is no other IPS solution in its current class that
provides more visibility, more threat detection capabilities, and the ability
to track attacks through the network into the information security system.
Sourcefire Next-Generation Intrusion Prevention Systems raises the ante in IPS
technology by incorporating the real-time circumstantial realization into its
inspection. Besides having the maximum visibility into what is running on the
network, NGIPS provides event impact evaluation, IPS automated tuning, and user
recognition ability resulting in a remarkably low total cost of ownership. Many
vendors have integrated parts of some common information security solutions
tools into specific products thus blurring the lines between one group and
another. NGIPS offers, particularly on devices that only provide NGIPS services
and those that don’t provide NGFW services.
This new breed of Next-Generation Intrusion Prevention Systems brings forth advantages compared to the traditional IPS but adds up more functionalities allowing it to provide much better protection for the present-day system of networks and appliances.
Some of these functionalities include the
following
1. Network Appliance Realization –
This provides the knowledge of the appliances existing on
the network. This is very valuable data when gathered simultaneously in small
and large quantities because it allows organizations to possess the capacities
to know the types of appliances (OS, device types, etc.) existing on the
network and to be able to single out and emphasize those that are found outside
the rule. Abnormalities will be identified, and alerts can be configured. Typically,
it also extends into the detection of which software packages are being
utilized to create traffic on the network.
2. Application Capability Realization -
This provides the capability to choose and highlight
applications that are running on the network and the users who are running
them. This capability allows strategies to be generated to control applications
that are allowed and those that are not, by whom and by what level, i.e.,
Twitter, Facebook, Skype, YouTube, Jabber, etc.
3. Data Identity Awareness –
This provides the capability to accumulate identity data
for the appliances and applications attached to the network and for the traffic
being transmitted. The data can be collected by using several different methods
and databases, such as LDAP and MAD (Microsoft Active Directory).
4. Behavioral Pattern Awareness -
These provide the capability to set up and track the
baseline performance of network appliances. The established and monitored data
is then utilized to go against continuous usage patterns. Anything that stands
out of the norm will be reported and/or alleviated by policy, i.e. performance
abasement, bandwidth depletion, etc.
5. Automated Real-Time Response -
This provides the capability to automatically respond to
events as they occur and react in actual time with a suitable response based on
policy.
6. Automatic IPS Tuning –
This provides the capability for a platform to
progressively tune itself based on the data collected. This reduces the number
of interactive engineer time that is required to make alterations to the
configurations. An example includes the enabling or disabling of indubitable
scanning signatures or techniques based on the discovered operating systems
used.
A complete information security prevention solution requires that organizations must have a multi-tiered procedure to systems security.
_______________________________________________________________
References:
1. tom’s ITPRO | A Guide To Intrusion Detection And Intrusion Prevention Systems (IDS/IPS)
2. CISCO | Next-Generation Intrusion Prevention System (NGIPS)
3. IPSWorks.com | Next-Generation Intrusion Prevention System (NGIPS) Automate Security with Contextual Awareness