When organizations first began experiencing the insecurity of networking, they placed barriers to entry on their networks: firewalls. Firewalls completely bar those entrances through which no traffic should be allowed to pass. In addition, they enforce access control over the ports they leave open, so that only traffic from desired IP addresses gets through. For these reasons, firewalls have proven effective against many types of intrusions. Of course, organizations can't use a firewall to block everything from passing through, as the organization would not remain in business for very long. Experience has shown that attackers will learn to exploit any entry left open. Because they attack in multiple ways against which the firewall, with its access control emphasis, is not built to protect, hybrid attacks, Denial-of-Service (DoS) attacks, application-level attacks and protocol anomalies get through most firewall deployments.
Many companies also employ network intrusion detection systems, which inspect the network traffic and report their findings to log files and databases. IDS tools have been instrumental in providing forensics about attacks and in determining over time what areas of the network become compromised. While IDSs enable record-keeping, an alarm function, and eventual analysis and remediation, they do not stop or mitigate damage from malicious attacks in real time.
An increasing number of organizations, therefore, are using network intrusion prevention systems in addition to other network security measures to mitigate information security risks. This is a generally positive development, as inline intrusion prevention systems with deep packet inspection capabilities are critical to protecting corporate networks. However, even among those forward-looking companies that have adopted IPS, too many are doing so in an incomplete fashion, focusing only on certain risks that have top-of-mind currency, thereby exposing themselves to serious varieties of risk they had not considered.
Enterprises must have a sound intrusion prevention strategy across the three threat dimensions: undesired access, wherein intruders gain access to such invaluable assets as proprietary intellectual property or customer identity/credit information, as we have seen in several high-profile financial services attacks over the last eighteen months; malicious content, including viruses, spyware and other types, which can cause troubles that range from mild annoyances to cost-prohibitive extended network downtime and loss of stored material; and rate-based attacks, which intentionally overload computers or networks with garbage traffic for the purpose of preventing legitimate traffic from reaching its destination, resulting in lost revenue and brand damage for the attacked organization. A three-dimensional approach that addresses all three of these attack techniques is critical to avoid being hurt by complex hybrid attacks, which use multiple techniques to quickly spread malicious executables and can beat traditional point security measures.
Top Layer's IPS 5500 delivers the best defense against multi-faceted threats without sacrificing performance, and it can be deployed, managed, and updated with relative ease. Enterprises that are concerned about managing risk effectively and efficiently across the spectrum of potential attacks should seek out Three Dimensional Protection (3DP).