There are primarily two types of intrusion-prevention systems: host-based, which protect systems such as servers and PCs, and network-based, which protect traffic from attacks. Intrusion-prevention systems often use the more traditional attack signatures and also vulnerability signatures, which are chunks of code that protect against potential attacks aimed at known software vulnerabilities. Many intrusion-prevention systems can learn normal application and network behavior so they can block bad activities, such as a file trying to infect the operating system or a worm attempting to wiggle through an application vulnerability and launch a buffer-overflow.
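The paragraph above describes three mechanisms working side by side: attack signatures that match a known bad pattern, vulnerability signatures that describe the condition under which a known flaw is triggered, and learned-baseline anomaly blocking. The following is an added illustration (not code from the article or from any vendor named in it) of a toy host-based IPS that combines the three and, as the article later describes, cuts off a remote address once it has been seen attacking. The event format, the `winword.exe`/`vulnsvc` signatures, the 1024-byte threshold and the 10.0.0.x addresses are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    process: str                  # program performing the action
    action: str                   # "write", "exec", "recv", ...
    target: str                   # coarse resource category, e.g. "system-dir"
    size: int = 0                 # payload size for network actions
    source: Optional[str] = None  # remote address for network actions


# Constructed attack signatures: exact patterns known to be malicious.
ATTACK_SIGNATURES = frozenset({
    ("winword.exe", "exec", "temp-dir"),  # document viewer launching a dropped file
})

# Constructed vulnerability signature: describes the input condition that
# triggers a hypothetical known parser bug in "vulnsvc" rather than one
# specific exploit string, so variants aimed at the same flaw are caught too.
VULN_MAX_REQUEST = 1024


def matches_vulnerability_signature(ev: Event) -> bool:
    return ev.process == "vulnsvc" and ev.action == "recv" and ev.size > VULN_MAX_REQUEST


class HostIPS:
    def __init__(self) -> None:
        self.baseline: set = set()         # (process, action, target) seen in learning
        self.blocked_sources: set = set()  # remote addresses whose connections were cut

    def learn(self, events) -> None:
        """Learning mode: record normal behaviour without blocking anything."""
        for ev in events:
            self.baseline.add((ev.process, ev.action, ev.target))

    def decide(self, ev: Event):
        """Return (verdict, reason) for one event in enforcement mode."""
        key = (ev.process, ev.action, ev.target)
        if ev.source in self.blocked_sources:
            return "block", "blocked-source"
        if key in ATTACK_SIGNATURES:
            verdict = ("block", "attack-signature")
        elif matches_vulnerability_signature(ev):
            verdict = ("block", "vulnerability-signature")
        elif key not in self.baseline:
            verdict = ("block", "anomaly")
        else:
            verdict = ("allow", "baseline")
        if verdict[0] == "block" and ev.source is not None:
            self.blocked_sources.add(ev.source)  # terminate the attacking address
        return verdict


def run(ips: HostIPS, events):
    return [ips.decide(ev) for ev in events]


# Constructed sample data: a short learning period, then a mixed test batch.
NORMAL_EVENTS = [
    Event("winword.exe", "write", "user-docs"),
    Event("outlook.exe", "write", "user-docs"),
    Event("vulnsvc", "recv", "network", size=300, source="10.0.0.5"),
]
TEST_EVENTS = [
    Event("winword.exe", "write", "user-docs"),                        # seen in baseline
    Event("winword.exe", "exec", "temp-dir"),                          # attack signature
    Event("vulnsvc", "recv", "network", size=4096, source="10.0.0.9"), # vulnerability signature
    Event("vulnsvc", "recv", "network", size=200, source="10.0.0.9"),  # source already cut off
    Event("outlook.exe", "write", "system-dir"),                       # never seen: anomaly
]


def demo():
    ips = HostIPS()
    ips.learn(NORMAL_EVENTS)
    return run(ips, TEST_EVENTS)


if __name__ == "__main__":
    for ev, (verdict, reason) in zip(TEST_EVENTS, demo()):
        print(f"{verdict:5} {reason:24} {ev.process} {ev.action} {ev.target}")
```

The ordering in `decide` matters: signature checks run before the baseline lookup, so an event that happens to look like normal traffic (the oversized `recv` above shares its key with a learned event) is still stopped when it matches the vulnerability condition. A real product would also need a way to age or re-learn the baseline, otherwise any legitimate new behaviour is blocked as an anomaly.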
American Electric's Assante has been using the intrusion-prevention features in Internet Security Systems' Proventia appliances for a year to protect key segments of the company's network. The technology works much like a traditional intrusion-detection system, he says, but its blocking capabilities are better. The software automatically shuts down anomalous activity and will terminate the connection of any attacking IP addresses, he says.
Intrusion-prevention has "saved me from a lot of headaches," says Glenn Swanson, chief operating officer of Daniels Trading, a division of securities company Refco LLC. The commodities brokerage installed Stormwatch from Okena (acquired by Cisco Systems in January 2003; Cisco renamed the software Cisco Security Agent) to protect its 30-plus desktops from viruses, worms, and other attacks.
Before the firm installed Cisco Security Agent, it was tough keeping those systems secure, Swanson says. No matter how often he warned users about new viruses and advised them not to open attachments, they inevitably would. "You can tell them all of the things you want, and they'll still do the wrong things. They'll open an attachment and blow their systems up," he says. "Literally every week, one guy would blow up and then another guy would blow up." Those all-too-frequent system blowups required two part-time system administrators constantly working to get the systems running again. The company still uses its antivirus software to block bugs already discovered. But the Cisco Security Agent is "an added layer of defense for us," Swanson says.
Intrusion-prevention systems are not entirely new. About five years ago, startups such as Entercept, Intruvert, Okena, and OneSecure all launched first-generation systems, and larger security vendors quickly acquired these companies.