
The Next Generation Intrusion Prevention Systems (Part 1)

Trend Micro Next-Generation Intrusion Prevention System | Source: https://www.trenddefense.com/NGIPS.asp


Overview

In today’s complex cyber security landscape, choosing the next threat prevention system is not simply a matter of differentiating technical features, because a great many information security prevention systems are out there waiting to be installed and implemented by any organization. Information security risks grow day by day in both the number and the scale of attacks, as attackers become more sophisticated and stealthier. As cybercrime attacks evolve, so must the defenses.

Balancing The Organization’s Needs with The Business and Security Risks 

In the face of ever-evolving security threats to businesses, Next-Generation Intrusion Prevention Systems are now a requirement rather than merely a need. This means embracing a change in the role of IT personnel, from blocker to enabler of the business. It means balancing the organization’s needs against the business and security risks that modern applications bring. And it means acknowledging that the information security world around us has changed: a simple prevention infrastructure can no longer protect businesses with an approach to cybersecurity that worked well eons ago, when web browsing and email were the only applications on the internet.

How NGIPS Works

How the next-generation intrusion prevention system protects networks | Source: https://www.trendmicro.com/

Next Generation Intrusion Prevention Systems (NGIPS) evolved from the traditional Intrusion Detection and Intrusion Prevention Systems (IDS/IPS). NGIPS delivers the industry’s best multi-layered threat protection at high inspection throughput rates. It collects details about network host configurations, operating systems and applications, user identity, network behavior, and traffic baselines. Because security threats keep evolving, information security products and solutions seem to change day after day and year after year, and this rapid rate of change makes it difficult to determine which product is best suited to a specific threat environment. The Cisco FirePOWER NGIPS attained the highest security effectiveness, total resistance to evasion, and a competitive TCO (Total Cost of Ownership) in testing, earning more “Recommended” rankings than any other vendor tested. Cisco FirePOWER NGIPS allows an organization to address the full attack continuum: before, during, and after the attack.



No other IPS solution in its class provides more visibility, more threat detection capability, or the ability to track attacks through the network into the information security system. Sourcefire Next-Generation Intrusion Prevention Systems raise the ante in IPS technology by incorporating real-time contextual awareness into inspection. Beyond maximum visibility into what is running on the network, NGIPS provides event impact assessment, automated IPS tuning, and user identification, resulting in a remarkably low total cost of ownership. Many vendors have integrated parts of common information security tools into specific products, blurring the lines between one product category and another. NGIPS offers, particularly on devices that only provide NGIPS services and those that don’t provide NGFW services.

This new breed of Next-Generation Intrusion Prevention Systems retains the advantages of the traditional IPS but adds further functionality, allowing it to provide much better protection for present-day networks and appliances.

 

Some of these functionalities include the following:

1. Network Appliance Awareness –

This provides knowledge of the appliances present on the network. Gathered continuously, in small or large quantities, this is very valuable data: it lets organizations know the types of appliances (OS, device types, etc.) present on the network and single out those that fall outside policy. Abnormalities are identified, and alerts can be configured. Typically it also extends to detecting which software packages are generating traffic on the network.

2. Application Capability Awareness –

This provides the capability to identify and highlight the applications running on the network and the users running them. It allows policies to be generated that control which applications are allowed and which are not, by whom and at what level, e.g., Twitter, Facebook, Skype, YouTube, Jabber, etc.

3. Data Identity Awareness –

This provides the capability to gather identity data for the appliances and applications attached to the network and for the traffic being transmitted. The data can be collected through several different methods and directories, such as LDAP and MAD (Microsoft Active Directory).

4. Behavioral Pattern Awareness –

This provides the capability to establish and track a baseline of network appliance behavior. The baseline is then compared against ongoing usage patterns. Anything outside the norm is reported and/or mitigated by policy, e.g., performance degradation, bandwidth exhaustion, etc.

5. Automated Real-Time Response –

This provides the capability to respond to events automatically as they occur, reacting in real time with a suitable response based on policy.

6. Automatic IPS Tuning –

This provides the capability for a platform to progressively tune itself based on the data it collects, reducing the amount of hands-on engineer time required to alter configurations. One example is enabling or disabling particular scanning signatures or techniques based on the operating systems discovered on the network.
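As an added illustration of the automatic tuning described in item 6, drawing on the host inventory that item 1 produces (example code written for this post, not any vendor’s implementation): rules are enabled only where a matching operating system has actually been discovered, and re-evaluated when discovery reports a new host. The signature IDs, rule names, and addresses are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    """One IPS rule. sid and name are constructed placeholders, not vendor IDs."""
    sid: int
    name: str
    target_os: frozenset   # OS families the rule applies to; "any" = OS-independent

@dataclass(frozen=True)
class Host:
    """A host as network appliance awareness might discover it (constructed)."""
    ip: str
    os_family: str

# Constructed signature catalogue
SIGNATURES = [
    Signature(1001, "Windows SMB service probe", frozenset({"windows"})),
    Signature(1002, "Solaris RPC service probe", frozenset({"solaris"})),
    Signature(1003, "Web shell upload", frozenset({"any"})),
    Signature(1004, "Linux kernel exploit probe", frozenset({"linux"})),
]

# Constructed host inventory for the monitored segment
HOSTS = [
    Host("10.0.0.5", "windows"),
    Host("10.0.0.9", "linux"),
    Host("10.0.0.12", "windows"),
]

def discovered_os(hosts):
    """OS families actually present on the segment."""
    return {h.os_family for h in hosts}

def tune(signatures, hosts):
    """Keep rules that match a discovered OS (or are OS-independent) enabled,
    disable the rest. Returns (enabled_sids, disabled_sids), each sorted."""
    present = discovered_os(hosts)
    enabled, disabled = [], []
    for sig in signatures:
        if "any" in sig.target_os or sig.target_os & present:
            enabled.append(sig.sid)
        else:
            disabled.append(sig.sid)
    return sorted(enabled), sorted(disabled)

def retune(signatures, hosts, new_host):
    """Re-run tuning when discovery reports a new host, so rules follow the inventory."""
    return tune(signatures, hosts + [new_host])
```

With the constructed inventory the Solaris-only rule is disabled; once discovery reports a Solaris host, retune() switches it back on without an engineer touching the policy.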

A complete information security prevention solution requires that organizations adopt a multi-tiered approach to systems security.

 

 
