Our position puts us in the minority: Though we think NIP (network-based intrusion-prevention) systems can enhance an existing security infrastructure, we don't consider integrating intrusion prevention and firewalls into a single unit a desirable goal.
Firewalls have a largely static configuration: Firewall administrators define what is acceptable traffic and use the features of the firewall to instantiate this policy. Some firewalls provide better protection features than others--for example, an HTTP application-level proxy is far superior to an HTTP stateful packet-filtering firewall at blocking malicious attacks--but the basic idea is the same: Your firewall administrator can be confident that only allowable traffic will pass through. If you have doubts about your firewall, get a new one from a different vendor, send your firewall administrator to Firewall Admin 101, or get a new firewall administrator.
Not surprisingly, when we asked you why you're not blocking traffic using NID (network-based intrusion-detection) systems, 63 percent of you said you use a firewall to determine legitimate traffic (see E-Mail Poll results).
But people make mistakes, so misconfigured firewalls are a common source of network insecurity. This simple fact has been used as a selling point for both intrusion-detection and -prevention systems, with vendors claiming their products will alert you to, or block, attacks that do get through.
The answer: Instead of layering on more hardware, solve the fundamental problem of misconfiguration. Unfortunately, though, it's not that simple. If you're enforcing traffic policy on your network using a stateful packet-filter firewall--such as Cisco Systems' PIX, Check Point Software Technologies' FireWall-1 or NetScreen's eponymous product--without security servers or kernel-mode features enabled, you should know that application-layer exploits, such as server-buffer overflows or directory-traversal attacks, will zoom right through. Stateful packet filters stop at Layer 4.
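As an added illustration of that last point (this is not code from the article, and neither model represents any vendor's product), the following Python contrasts a toy Layer-4 stateful packet filter with a toy HTTP application-level proxy. The packet filter's policy is "allow TCP to port 80", so it never reads the payload; the proxy parses the HTTP request line, decodes the path and rejects requests that escape the document root or carry an oversized target. The sample packets are constructed for the example.

```python
"""Layer-4 packet filter vs. HTTP application-level proxy (toy models).

Added illustration, not code from the article. Both "firewalls" below are
simplified assumptions used only to show which layer each one inspects.
"""
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass
class Packet:
    proto: str       # "tcp" or "udp"
    dst_port: int    # destination port
    payload: bytes   # application data (an HTTP request on port 80)


# Stateful packet filter policy: allow TCP to port 80, deny everything else.
# It only ever sees protocol and port; the HTTP payload is never inspected.
ALLOW_RULES = {("tcp", 80)}

# Proxy policy parameter (assumed value): longest request target we accept,
# which bounds what a buffer-overflow attempt in the URL can deliver.
MAX_TARGET_LEN = 2048


def packet_filter_verdict(pkt: Packet) -> str:
    """Layer-4 decision: based solely on the (protocol, port) tuple."""
    return "allow" if (pkt.proto, pkt.dst_port) in ALLOW_RULES else "deny"


def escapes_root(path: str) -> bool:
    """True if the path climbs above "/" at any point (directory traversal)."""
    depth = 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def proxy_verdict(pkt: Packet) -> str:
    """Application-layer decision: parse and validate the HTTP request line."""
    if (pkt.proto, pkt.dst_port) != ("tcp", 80):
        return "deny"                      # the proxy only fronts HTTP
    try:
        request_line = pkt.payload.split(b"\r\n", 1)[0].decode("ascii")
        method, target, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return "deny"                      # not a well-formed request line
    if method not in ("GET", "HEAD", "POST") or not version.startswith("HTTP/1."):
        return "deny"
    if len(target) > MAX_TARGET_LEN:
        return "deny"                      # oversized URL
    path = target.split("?", 1)[0]
    decoded = path
    for _ in range(3):                     # undo single and double encoding
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    if not decoded.startswith("/") or "\x00" in decoded or "\\" in decoded:
        return "deny"
    if escapes_root(decoded):
        return "deny"                      # traversal out of the web root
    return "allow"


# Constructed sample traffic (not captured data).
SAMPLE_PACKETS = [
    Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet("tcp", 80, b"GET /images/../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("tcp", 80, b"GET /%252e%252e/%252e%252e/etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("tcp", 80, b"GET /" + b"A" * 5000 + b" HTTP/1.0\r\n\r\n"),
    Packet("tcp", 23, b"\xff\xfb\x01"),
]


def compare(packets):
    """Return (packet-filter verdict, proxy verdict) for each packet."""
    return [(packet_filter_verdict(p), proxy_verdict(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (l4, l7) in zip(SAMPLE_PACKETS, compare(SAMPLE_PACKETS)):
        print(f"{pkt.proto}/{pkt.dst_port} {pkt.payload[:40]!r}: filter={l4} proxy={l7}")
```

Every port-80 packet, including the traversal and oversized-URL requests, is "allow" to the packet filter because its policy is satisfied at Layer 4; only the proxy, which actually parses the request, turns those into "deny". The telnet packet is the one case the packet filter stops, because the policy is about ports, not content.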