The future of intrusion prevention

Abstract

The future of intrusion prevention is likely to be marked by significant technical advances, but currently it is still strongly supported by its technological predecessor. Despite predictions by IT analyst Gartner – in 2003 – that Intrusion Detection Systems (IDS) would be history by now – replaced by Intrusion Protection Systems (IPS), the former is still going strong. Dr Gene Shultz says that security professionals are increasingly seeing IDS and IPS as two overlapping but different technologies and IDS sales have continued to grow. Nevertheless IPS continues to grow popular. This issue of Computer Fraud & Security looks at four predictions for the technology's future. Dr Gene Schultz believes the improvements of IDS, which provides the foundations for IPS, will buoy the latter along. He says zero day attacks that systems may have failed to detect seven years ago are now being found. Also, IPSs are set to play a larger role in forensics data preservation by providing data to a forensics server while preserving the integrity of the data. “More advanced response capabilities will allow users and organizations to choose from a wide range of response mechanisms as well as fine tune them to more closely meet their business and operational needs,” says Schultz. The big four predictions:Prediction 1: Better underlying intrusion detectionPrediction 2: Advancements in application-level analysisPrediction 3: More sophisticated response capabilitiesPrediction 4: Integration of intrusion prevention into other security devices The big four predictions: Prediction 1: Better underlying intrusion detection Prediction 2: Advancements in application-level analysis Prediction 3: More sophisticated response capabilities Prediction 4: Integration of intrusion prevention into other security devices Intrusion prevention has gained in popularity to the point where it is now widely considered a mainstream security technology. Intrusion prevention is similar to intrusion detection in that it is designed to identify potential and actual security breaches in near-real time, but intrusion prevention goes farther than intrusion detection in that it provides the ability to respond defensively to attacks, thereby preventing them from succeeding – at least in the ideal case. Because so many attacks occur so swiftly, automated mechanisms designed to thwart them may not be able to stop them from initially succeeding, however. In such cases, intrusion prevention mechanisms often attempt to prevent the attack from spreading any farther.