Overview
Intrusion Detection and Intrusion Prevention Systems (IDS/IPS) have been around for years, and their roles have evolved along with the attacks organizations face. Initially, IDS platforms were only tasked with monitoring network traffic for signs of attack and alerting IT staff so that further action could be taken to stop it. IPS took a different deployment approach: the device sits inline, so it can both detect an attack and act automatically to stop it. While this approach worked for a time, the threat landscape was quick to outpace it.
Something Absolutely Indispensable
Because threats continued to advance faster than detection and prevention processes could counter them, NGIPS is the next logical step in mitigating them. Given the proliferation of advanced attack methods and the continual discovery of new weaknesses, a new generation of systems to protect valuable data and network assets is more than "something absolutely indispensable". An IPS uses dynamic procedures to block an attack before it causes damage to the network. But while intrusion detection systems (IDS) come in many varieties, evasion techniques are also becoming more sophisticated.
The basic intent of evasion is to fool the IDS into seeing different data than the target host will see, so that the attacker slips past undetected. A conventional signature-based IDS focuses on how an attack works and tries to detect particular strings; once an attacker applies an IDS evasion technique (encoding, fragmentation or segmentation of the same payload), those signatures no longer match. An IPS, by contrast, focuses on what the attack does, crucially its behavior, which does not change. In addition to signatures, an IPS uses a set of rules describing allowable and dangerous behavior. Real-time traffic is reassembled and compared against the rules, then either permitted or blocked. Prevention enforced inline stops malicious behavior before it can cause any harm.
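The evasion-versus-behavior contrast in the two paragraphs above, as an added Python example that is not from the page or from any vendor's product: a packet-at-a-time string signature, two textbook evasions (percent-encoding and TCP segmentation) that make the IDS see different bytes than the host, and an inline check that reassembles and normalizes the request the way the host would before comparing it against a small permit/block rule set. The sample requests, the signature and the rules are constructed for illustration.

```python
"""Added example (not from the page or from Cisco): a packet-at-a-time string
signature, two classic evasions against it, and an inline check that first
reconstructs what the target host will see before applying permit/block rules.
All traffic, signatures and rules below are constructed for illustration."""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote_to_bytes

# Constructed sample traffic: a path-traversal request and a benign one.
ATTACK = b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\nHost: victim\r\n\r\n"
BENIGN = b"GET /index.html HTTP/1.0\r\nHost: victim\r\n\r\n"

SIGNATURE = b"/etc/passwd"  # hypothetical string signature


def naive_signature_match(packets: List[bytes]) -> bool:
    """Packet-at-a-time string IDS: alert if any single packet holds the signature."""
    return any(SIGNATURE in p for p in packets)


def evade_percent_encoding(request: bytes) -> bytes:
    """Evasion 1: percent-encode the slashes so the raw bytes never contain the
    signature, although the web server decodes them back to /etc/passwd."""
    return request.replace(SIGNATURE, b"%2Fetc%2Fpasswd")


def evade_segmentation(request: bytes, size: int = 4) -> List[bytes]:
    """Evasion 2: deliver the request in tiny TCP segments so that no single
    packet carries the whole signature; the host reassembles, the IDS does not."""
    return [request[i:i + size] for i in range(0, len(request), size)]


def effective_path(packets: List[bytes]) -> Optional[str]:
    """Reassemble the stream and parse the request target the way the target
    host will: percent-decode it, then collapse ./ and ../ segments."""
    stream = b"".join(packets)
    request_line = stream.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    if len(parts) < 3:
        return None  # not a well-formed request line
    raw_target = parts[1].split(b"?", 1)[0]
    decoded = unquote_to_bytes(raw_target).decode("utf-8", "replace")
    return posixpath.normpath(decoded)


# Hypothetical rule set: (name, pattern over the normalised path, action).
RULES = [
    ("passwd-read", re.compile(r"^/etc/(passwd|shadow)$"), "block"),
]


def ips_verdict(packets: List[bytes]) -> Tuple[str, Optional[str]]:
    """Inline decision on the host's-eye view of the request. Returns
    ('block', rule_name) or ('permit', None). Requests the parser cannot make
    sense of are blocked, since an inline device should fail closed."""
    path = effective_path(packets)
    if path is None:
        return ("block", "unparseable-request")
    for name, pattern, action in RULES:
        if pattern.search(path):
            return (action, name)
    return ("permit", None)


if __name__ == "__main__":
    evaded = evade_segmentation(evade_percent_encoding(ATTACK))
    print("naive IDS, plain attack :", naive_signature_match([ATTACK]))
    print("naive IDS, evaded attack:", naive_signature_match(evaded))
    print("IPS verdict, evaded     :", ips_verdict(evaded))
    print("IPS verdict, benign     :", ips_verdict([BENIGN]))
```

The naive matcher alerts on the plain request and misses the evaded one, while the inline check reaches the same block verdict for both because it reassembles and normalizes before matching; that reconstruction step is exactly what a string-only sensor lacks, and it is why an inline device must model the host's view of the traffic rather than the wire bytes.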
NGIPS, A Modern Replacement for Inline Prevention Devices
A key differentiator of NGIPS products is the integration of several components, including reputation systems, intrusion prevention, and application identification, within a single platform.
Firewalls essentially provide the first deterministic approach to access control on the network, along with a fundamental IPS capability. IPS appliances add next-generation capability to these firewalls while still running inline and affording the deterministic assurance required of an inline appliance that makes access control decisions.
Cisco Firepower Next-Generation IPS (NGIPS), for instance, provides network visibility, automation, threat intelligence, and what Cisco describes as industry-leading threat effectiveness, used to "protect networks where the firewall cannot go". So instead of trying to handle all network performance and security policy on a single device, Cisco NGIPS uses its high-performance capabilities to accommodate networks with demanding data-throughput requirements while keeping a solid security profile, deployed as a standalone appliance alongside an existing network security suite.
Cisco NGIPS fetches new policy rules and signatures every two hours, ensuring it is continually current. Cisco's Talos security intelligence brings threat efficacy to all Cisco devices by leveraging what Cisco describes as the largest threat detection network in the world, and it acts as an early warning system for potential new threats.
Conclusions
In essence, intrusion prevention solutions are the replacement for earlier inline prevention devices, not for the firewall, and must accordingly act more like a firewall (deterministic, inline, and making access control decisions) to be successful. The Next-Generation Intrusion Prevention platform will continue its transformation into a smarter, more capable tool, and it is only a matter of time before it grows more dynamic as malicious attacks evolve.
References:
1. Cisco, Next-Generation Intrusion Prevention System (NGIPS).