
Next-Generation Intrusion Prevention Systems (Part 2 of 2)



Overview

Intrusion Detection and Intrusion Prevention Systems (IDS/IPS) have been around for years, and their tasks and functions have evolved alongside the threats organizations face today. Initially, IDS platforms were tasked only with monitoring network communications for attacks and alerting IT staff so that further action could be taken to stop them. IPS took a different approach: devices deployed inline that can both detect attacks and act automatically to stop them. While this approach worked for a time, the threat landscape quickly outpaced it.


Something Absolutely Indispensable


Because threats continued to advance faster than detection and prevention processes could counter them, NGIPS is the next logical step in mitigating them. With the proliferation of advanced attack methods and the continual discovery of new weaknesses in information security, new systems to protect valuable data and network assets are more than “something absolutely indispensable”. An IPS uses dynamic procedures to block attacks before they cause damage to the network. But while there is a diverse range of intrusion detection systems (IDS), evasion techniques are also becoming more sophisticated.


The basic intent of evasion is to fool the IDS into seeing different data than what the target host will actually see, allowing the attacker to escape undetected. Conventional signature-based IDS focuses on how an attack works, trying to detect only certain strings; when an attacker uses IDS evasion techniques, those signatures can no longer detect the attack. An IPS takes a different approach and focuses on what an attack does, namely its behavior, which does not change. In addition to signatures, an IPS uses a set of rules representing either allowable or dangerous behavior. Real-time traffic is collected and compared against this rule set, then either permitted or blocked. Prevention methods applied through an IPS stop malicious behavior before it can cause any harmful after-effect.


NGIPS, A Modern Replacement for Inline Prevention Devices




A key differentiator of NGIPS products is the integration of several components, including reputation systems, intrusion prevention, and application identification, within a single platform.

Firewalls essentially provide the first deterministic approach to access control on the network, along with fundamental IPS capability. IPS appliances add next-generation capabilities to these firewalls while still running inline and providing the deterministic assurance expected of an inline appliance that makes access control decisions.

Cisco Firepower Next-Generation IPS (NGIPS), for instance, provides network visibility, automation, threat intelligence, and industry-leading threat effectiveness, used to “protect networks where the firewall cannot go”. So, instead of trying to handle all network performance and security policies on a single device, Cisco NGIPS makes use of its high-performance capabilities to accommodate the network's high data throughput requirements while keeping a solid security profile when deployed as a standalone appliance alongside an existing network security suite.





Cisco NGIPS retrieves new policy rules and signatures every two hours, ensuring it is continually current. Cisco’s Talos security intelligence brings unparalleled threat efficacy to all Cisco devices by leveraging the largest threat detection network in the world, acting as an early warning system for potential new threats.


Conclusions


In essence, intrusion prevention solutions are the replacement for firewalls and must accordingly act more like a firewall to be successful. The NGIPS platform will continue its transformation into smarter, more capable tools, and it is only a matter of time before it grows more dynamic as malicious attacks evolve.


References:

1. CISCO | Next-Generation Intrusion Prevention System (NGIPS)
