IPS still mainly deployed at the perimeter, doing a good job
Posted on 28 October 2013.
SANS announced the results of a new survey on network security sponsored by HP. 439 survey responses show that IPS is still mainly deployed at the perimeter and is doing a fairly good job at detection, yet only 11% of respondents are turning on IPS to block automatically for 100% of their traffic.


However, 80% are using some automated blocking – a large group (28%) set automatic blocking only for those events they can block with great assurance.

Why aren't organizations using their IPS automated blocking features more? Results indicate that respondents want and need more information than their traditional IPS will give them before they can confidently turn on automatic blocking.

Indeed, when respondents laid out their wish lists for a next-generation IPS, 79% say their next-generation IPSs must include more application awareness, 67% want more context awareness, 57% say they need more content awareness, and 56% would like full stack inspection included in their IPS capabilities. This question allowed multiple responses, and this ranking indicates that, above all, respondents want smarter IPS devices that work with a variety of needs.

"Given the industry trend toward simpler and easier interfaces, I was surprised that the overwhelming need expressed in our survey results was for more data," says SANS Analyst, Rob Vandenbrink, who authored the report. "They're also looking for better tools to integrate and process that data."

To expand their IPS capabilities, respondents are planning to or are already connecting their IPS devices to other security inputs for a next-gen IPS "fabric-oriented" architecture so that their tools, working together, result in better visibility and analytics. This, in turn, not only results in more accurate decisions made on behalf of the IPS, but also offers the ability to feed information back and forth between different security systems for more thorough protection and remediation.

"This survey represents a true 'slice-of-life' from real IT shops trying to enhance their IPS capabilities to prevent threats," adds Vandenbrink.





Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //