Tuesday, August 3, 2010

Enhance the concept of active intrusion prevention IPS is not speculation


Intrusion Detection (IDS), has been put on the market for years, but more and more users find that it can not meet the new network environment for security needs.

IDS can detect passive attacks, and can not take the initiative to stop the threat to the vagaries of the network.

Therefore, it was urgent need to find a proactive intrusion prevention solutions, to ensure that the four enterprise network threat environment in normal operation.

Deep-level defense security needs

Currently, enterprises are facing increasingly complex security problems, security threats are growing rapidly, particularly the risk of blended threats, such as worms, DDoS attacks, spam mail, etc., greatly troubled the user to the enterprise's Wangluo cause serious damage.

So what options do business? Intrusion prevention system is the next generation of security systems business. It not only can be detected, can block the attack before they cause damage to the intrusion detection system to a new level. IPS and IDS obvious difference: intrusion prevention systems block the Code Red, Nimda and SQL Slammer, and the use of intrusion detection systems, users are required after each attack to spend millions of dollars for virus removal. Because of this, companies need the security strategy has not only limited to a single firewall and other protection products, but a deep-level protection strategy.

NAI launched includes host protection IPS technology strategy and network protection strategy for the two most, which is the McAfee Entercept host-based intrusion prevention solutions, technologies and rules of conduct signed by the integrated approach, providing an effective protection as Code Red, Nimda worm that attacks such as; McAfee IntruShield network intrusion prevention solutions, integrated feature library detection, abnormal behavior test, behavioral analysis, correlation, and denial of service techniques that can intelligently detect known attacks, the first place attacks and DDOS attacks, a deep level to effectively protect the enterprise network security.

IPS will replace IDS

Currently, IPS and IDS for the dispute, it was said, IPS, and no new technical breakthrough, but a conceptual speculation, Pubic do not think so. He believes that as technology development and continuous improvement, IPS will replace IDS, NAI IPS technology has been made in a number of international patents, IDS in the network is real-time detection of network attacks, while the IPS includes IDS technology In the IDS based on the increased detection of active response to block the defense function, once the attack is detected, you can take the initiative to cut the intrusion. Of course, true, IDS is already a mature product. Pubic think, IPS will take some time to replace IDS, IPS also requires the user to accept a change process, and now this change is also underway.

Currently, the face of mixed-type attacks, users need a proactive defense strategy, IPS is a large potential market for new business, therefore, NAI technically spent a great deal of input, hope to play a lead role. Now has more than 180 customers worldwide use of IPS products in China, after some users in the test trial of the IPS are also interested. Pubic believe, IPS will have a significant demand for this market, it is very useful to users. IDS products have been used for the user you want to migrate to IPS, you can purchase a license only on the user's input costs are also guaranteed.

It is reported that already has a financial company based on the original IDS, IPS purchased a few licenses to the successful deployment of intrusion protection system IPS.

In addition, IPS is a very technical product, the user's skill level requirements are high, and only on the IPS used properly, the effect will be significant, or just the opposite, but rather as IDS, so, user education and training essential. NAI will intensify efforts in this area, which is the current IPS technologies to promote the great challenges facing.

What is the real IPS

Currently there are many products on the market are dubbed "protection" of the word. But the real intrusion prevention solution should enable companies to analyze can not take measures to protect the system; the same time, it should prevent attacks result in the user's operating system, applications and data corruption. NAI believes that a good intrusion prevention solution should include the following features:

First, the real solution should provide real-time attack prevention and analysis. It should be before the start of any unauthorized activity to identify attacks, and prevent it from access to important server resources.

Second, intrusion detection is the most effective way is to adopt a mixed approach, that integrates specific attack signatures and behavioral rules of power. This hybrid method can provide the protection of known and unknown attacks, while at the same time keeping false positives to a minimum, so do not make any concessions on the loss.

In addition, a strong defense in depth security are based on the concept of protection can be deep. IntruShield's unique architecture integrates a number of patented technologies, including feature detection, anomaly detection and denial of service analysis to be able to multi-gigabit of network traffic and intelligent under the accurate detection and protection. This kind of creative control unprecedented ability of technology to protect those with the most stringent requirements of the network against known attacks to the first occurrence of unknown attacks and DoS attacks.

At the same time, enterprises have to choose whether to adopt the solution of advanced technology industry, is well-tested and used, and are subject to ongoing maintenance, it is very important.

Things correct safety and performance

IDS generally parallel in the network to bypass the network monitor in real-time detection of suspicious traffic, the performance is not significantly affected, but not IPS IDS, it is deployed mainly in the series in the network, all access to the internal network traffic to go through the IPS, if found aggression, to respond immediately to block attacks, so that will affect network performance, NAI also take into account this situation.

NAI's IPS performance is very good, IPS products in more than 20 integrated chip, 60G of cache, to ensure maximum network performance, and this is one of IPS's main selling points.

The so-called "true blue streak", despite the different opinions of the IPS's, but it is the concept of right, and it indeed has been in existence, many manufacturers are successively pushed IPS products, as long as the actual use indeed the role of the user's network security are effective, the user can try.






Recommended links:



Easy Cataloging



Convert .avi To .wmv



Only store is not enough



HP Quality Doors Lead Into The Victims Of Collective Action



CorelDRAW Based Cartoon Series (2)



Hot Shell Tools



U.S. scientists trained computer "understand" the human brain



139 port of offense And defense



Blackberry Video Format



Good E-Commerce



Internet Explorer programming brief (2)



ArcGIS standard coordinate conversion in The end how?



Vigilance "Li Cheng Ru-style" risk



One after another anti-piracy noise compensation 780 000 Shenzhen Haojia reconciliation



.VOB



Mkv