Intrusion prevention sounds cool. It's sexy. It's the action hero of the infosecurity universe, smacking down the bad guys before they can get in and hurt the assets your organization holds near and dear.
But what is it, really? At its core, intrusion prevention is a sort of access control that provides a last line of defense around critical host servers and applications. The stark reality of network-based security systems is that some attacks are going to make it past the security perimeter--the crunchy shell of firewalls, IDSes and AV scanners. The idea behind intrusion prevention is to stop these attacks before they get to the "cream filling" of the protected host.
Given the realities of today's IT market, however, a more appropriate question might be, "Does intrusion prevention add enough value to my existing defenses to justify spending the bucks?"
[ Read more ]