McAfee IntruShield 4000, Network Associates, (972) 963-8000.
www.networkassociates.com
The NetScreen-IDP 500 has many features comparable to those found in the much pricier IntruShield 4000 and has more straightforward management to boot. Firewall administrators will feel right at home with IDP's rule-based policy, which is flexible and tunable. IDP's sensor, like IntruShield's, can capture packets inline, using an external tap, or from a switch span port; however, it can operate in only one of these modes at a time. Also like its rival, IDP can drop packets and streams while in inline mode, and it can send TCP resets or ICMP unreachables to block malicious traffic in one-arm mode as well.
The device's reporting leaves much to be desired, however, and narrowing down alerts to specific sets of data is not nearly as straightforward a process as with IntruShield. Signature updates are free but must be initiated manually.
NetScreen seems to have striven to make the policy-definition process familiar and easy--and it has succeeded. We barely cracked a manual during testing. Rules are defined using a set of specifiers, such as source and destination addresses or ports, optionally defining a server or configuring an action. Each rule can be applied to all sensors or to a specific one. We could have had one large policy with specific sensors defined per rule, or we could have defined multiple policies and assigned them to individual sensors. We chose to define individual policies per sensor for our testing because we prefer to segregate policies.
Rules Rule
We found IDP's rule-based paradigm especially useful when tuning the policy for our production network. Our goal was to have the broadest policy enabled while keeping false positives to a minimum. However, our production network is not what you'd call static: We have a wide variety of technologies running all the time, and new servers are always being installed and upgraded. For example, we have a number of network managers that periodically scan and enumerate Syracuse University's Class B network. These guys triggered tons of alerts, so we created a host group that contained those managers, added a rule that ignored them, and applied the policy, making the alerts disappear faster than audiences at a screening of Gigli.
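The policy behaviour described in the two passages above (rules built from source/destination specifiers and an action, applied to all sensors or one, with a host group of known scanners placed in an "ignore" rule ahead of the detection rules) can be illustrated with a small first-match evaluator. This is an added example, not code from the review or from NetScreen; the rule fields, signature names, sensor names and IP addresses are all constructed assumptions and do not reflect IDP's real configuration syntax.

```python
from dataclasses import dataclass, field
from typing import Optional
import ipaddress

# Constructed host groups (addresses are made up for the example). In the
# review, the "net_managers" group held the scanners that were generating
# the noise; "any" matches every address.
HOST_GROUPS = {
    "net_managers": ["10.1.1.10", "10.1.1.11"],
    "any": ["0.0.0.0/0"],
}


@dataclass
class Rule:
    name: str
    src: str                        # host group name
    dst: str                        # host group name
    dst_ports: Optional[set]        # None = any destination port
    attack: Optional[str]           # None = any signature
    action: str                     # "ignore", "alert" or "drop"
    sensors: set = field(default_factory=lambda: {"any"})  # "any" = all sensors


@dataclass
class Event:
    src_ip: str
    dst_ip: str
    dst_port: int
    attack: str      # signature name the sensor matched
    sensor: str      # sensor that saw the traffic


def in_group(ip: str, group: str) -> bool:
    """True if ip falls inside any network listed for the host group."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False)
               for n in HOST_GROUPS[group])


def matches(rule: Rule, ev: Event) -> bool:
    """Every specifier on the rule must agree with the event."""
    if "any" not in rule.sensors and ev.sensor not in rule.sensors:
        return False
    if not in_group(ev.src_ip, rule.src) or not in_group(ev.dst_ip, rule.dst):
        return False
    if rule.dst_ports is not None and ev.dst_port not in rule.dst_ports:
        return False
    if rule.attack is not None and ev.attack != rule.attack:
        return False
    return True


def evaluate(policy: list, ev: Event) -> tuple:
    """First matching rule wins; an event no rule covers is alerted on."""
    for rule in policy:
        if matches(rule, ev):
            return rule.action, rule.name
    return "alert", "default"


def summarize(policy: list, events: list) -> dict:
    """Count outcomes per action, the figure you watch while tuning a policy."""
    counts = {"ignore": 0, "alert": 0, "drop": 0}
    for ev in events:
        action, _ = evaluate(policy, ev)
        counts[action] += 1
    return counts


# Constructed policy. The ignore rule for the scanner group sits first, so
# the scanners never reach the alerting rules below it; the drop rule is
# bound to a single inline sensor, as a per-rule sensor assignment allows.
POLICY = [
    Rule("ignore-scanners", src="net_managers", dst="any",
         dst_ports=None, attack=None, action="ignore"),
    Rule("drop-web-attack", src="any", dst="any", dst_ports={80, 443},
         attack="HTTP:bad-request", action="drop", sensors={"dmz-inline"}),
    Rule("alert-portscan", src="any", dst="any",
         dst_ports=None, attack="SCAN:portscan", action="alert"),
]

# Constructed sample events: two scans from the managers, one from elsewhere,
# and the same web signature seen by two different sensors.
SAMPLE_EVENTS = [
    Event("10.1.1.10", "10.20.0.5", 22, "SCAN:portscan", "core"),
    Event("10.1.1.11", "10.20.0.9", 445, "SCAN:portscan", "core"),
    Event("192.0.2.7", "10.20.0.5", 22, "SCAN:portscan", "core"),
    Event("192.0.2.8", "10.20.0.80", 80, "HTTP:bad-request", "dmz-inline"),
    Event("192.0.2.8", "10.20.0.80", 80, "HTTP:bad-request", "core"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.src_ip, "->", ev.dst_ip, ev.attack, evaluate(POLICY, ev))
    print(summarize(POLICY, SAMPLE_EVENTS))
```

Two points worth noticing when running it: the scanner events are swallowed by the first rule regardless of signature, which is exactly the "ignore the managers" effect the review describes, and the web signature is dropped only when the sensor named in the rule sees it, while the same event from another sensor falls through to the default alert because no rule covers it. If the ignore rule were moved below the portscan rule, the scanners would start alerting again, which is why rule order matters when tuning.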