Volkswagen Beetle streaking through space at 10,000 miles per hour. Today, analysts and some industry pundits are taking aim at the very legitimacy of the intrusion-prevention vision and suggesting that the functionality ought
to be incorporated into firewalls.
We disagree, at least for the foreseeable future. NIP systems have a place in a comprehensive security scheme. At the very least, they can buy you time to patch. We tested the NetScreen-IDP 500 and Network Associate's McAfee IntruShield 4000 in our Syracuse University Real-World Labs® and found that each did a good job blocking known attacks, though we did need to be selective about blocking so as not to shun legitimate traffic.
After firing our arsenal of malicious packets at the devices in a controlled environment, then deploying them on our live network, we gave the IntruShield 4000 our Editor's Choice award. Though it's much pricier than the IDP 500, it showed fine performance up to 1.2 Gbps, with average latency of just 1 to 2 ms.
The closer you place security tools to vulnerable systems, the safer your data. The data that is valued by attackers resides on your network-attached desktops and servers, so you need to protect the applications that hold that data--or are gateways to it--just as you protect underlying operating systems.
These are two distinct and difficult tasks, but instead of slavishly girding your network perimeter, adopt the mind-set that you'll design with a focus on protecting assets and denying malfeasants access to where those assets reside. Here are two best practices to start you on the road to enlightenment:
Harden the underlying OS by removing unnecessary services and applications. The remaining services should be run on nonprivileged accounts whenever possible. Removing services takes away attackers' access methods. Removing applications hobbles attackers, temporarily at least, if they do gain access to a server because tools may not be immediately available, and potentially vulnerable programs are not accessible for local-privilege escalation attacks. Oh, and keep current on patches.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
