Converging IDS, IPS and the Rest of Security




June 6, 2008
Would you ever run a network without a firewall? In this dangerous world of constant online threats, the mere idea of ditching a firewall is sheer madness.

There’s another item that’s become indispensable for network security: intrusion prevention and detection systems. Unlike firewalls, which can be tweaked by anyone on the IT team in a pinch, these essential defense mechanisms require a dedicated employee to keep them up and running. Intrusion systems are a more complicated beast and require constant monitoring and adjusting. Will these crucial security systems ever be easier to maintain and administer in large-scale environments?

Chris McGettigan is a security analyst with Alert Logic, a Houston firm that offers a new SaaS compliance and security platform. In a previous job, however, McGettigan worked as the primary IDS monitor at a bank. In that capacity, he spent almost all of his working time poring over logs, updating signatures and tweaking filters. He said that the financial institution for which he worked needed him to stay on top of the intrusion systems simply because they were constantly requiring adjustment and examination to remain effective.

While he’s no longer tending and caring for those systems, he said that convergence in security appliances could lead the way to simpler IDS and IPS management. “Over time reactive IPS functionality will become more integrated into the functionality of other devices, like firewalls, proxy servers and even the operating system,” McGettigan said, adding that, to a large degree, this is happening already with Cisco’s ASA appliance and some of Websense’s products.

Merging the Boxes
John Yun, product marketing manager at the high-end business unit at Juniper, said that IPS systems tend to be viewed by IT shops as advanced firewalls. As such, some of his company’s IPS/IDS systems are available as bolt-on modules for its NetScreen firewalls. The advantage of this approach, said Yun, is that the individual modules and devices available from Juniper can be administered in bulk through unified management consoles. That allows more integration of devices.

This site's content Copyright © 1999 - 2012 by BZ Media LLC, All rights reserved.