Now the market is crowded with vendors, such as Check Point Software Technologies, Cisco, Internet Security Systems, Juniper, McAfee, and Symantec, that have already incorporated intrusion-prevention capabilities into their firewalls, antivirus apps, and intrusion-detection systems, or are beginning to do so. There are also a number of smaller startups, including Determina, Platform Logic, Sana Security, and TippingPoint, that provide gear with various types of intrusion-prevention capabilities for PCs and network traffic.
Typically, intrusion-prevention systems can be thought of as running in two modes. In passive mode, they act like conventional intrusion-detection systems and set off alarms when attacks are under way. In prevention mode, however, they can be set to decide which types of traffic and attacks to block. But prevention mode has some security professionals wary because it can create false positives that alert administrators to attacks that aren't really attacks and then automatically block the allegedly bad traffic. That means legitimate traffic could be blocked.
"I've had customers tell me that if 1% of legitimate traffic is blocked that we could come back and pick up our box," says Parveen Jain, executive VP of marketing and strategy at McAfee.
The U.S. Army Reserve Command has McAfee's intrusion-prevention systems installed at key locations, including data centers, Chris Schuler, director of the security operations center, says.
The fact that intrusion-prevention systems might block legitimate traffic doesn't faze Chris Schuler, director of the security operations center with the U.S. Army Reserve Command. The command uses intrusion-prevention systems from McAfee to protect its critical networks and servers.
It took about three months for McAfee's Intruvert network intrusion-prevention system to learn the normal behavior of the command's network and more actively block attacks. "When security alerts [are sent out], we know what anomalies they're referring to and we can make better decisions," Schuler says. The U.S. Army Reserve Command has McAfee's intrusion-prevention systems deployed at key locations, including its data centers, he adds.