Intrusion-prevention systems still not used full-throttle

Reasons cited were reliability, throughput, traffic latency and false positives.

Network-based intrusion-prevention systems are in-line devices intended to detect and block a wide variety of attacks, but the equipment still is often used more like an intrusion-detection system to passively monitor traffic, new research shows.

Infonetics Research interviewed 169 security professionals responsible for managing IPS in their organizations to find out whether the full functionality of the IPS filters for blocking attacks was actually used and, if not, why. The study, commissioned by IPS vendor TippingPoint, included its product, as well as those from Cisco, IBM, McAfee and Sourcefire.

"People are still very cautious with IPS," says Jeff Wilson, principal analyst for network security at Infonetics. "My main impression is we are still not in an all-IPS world, as much as everyone would like to pretend we are."

Cisco is the dominant vendor in IPS, and the survey reflected that, with 77 Cisco IPS customers, along with 38 TippingPoint customers, 36 IBM ISS Proventia customers, 26 McAfee IPS customers and 15 Sourcefire IPS customers -- all of which offered detailed descriptions of how they use IPS in their companies. The average size of each company was 9,418 employees.

The first step in IPS is typically the decision whether to use it in-band, and Infonetics found that 91 percent of TippingPoint customers ran it in-band, along with 70 percent of Cisco customers, 67 percent of IBM and McAfee customers and about 55 percent of Sourcefire customers.

Reasons cited for not wanting to run IPS in-band were reliability, throughput, traffic latency and false positives.

For those using IPS in-band, the next step is deciding how many of the device's available filters to activate in order to block different types of attack traffic. The survey found those using IPS in-line often didn't apply all the filters in blocking mode, but sometimes simply in alert mode. Filters set to block were applied far more often in TippingPoint and IBM equipment, but much less often in Sourcefire. In IBM, Cisco and McAfee equipment, blocking and alert-only were activated about half-and-half in a mixed mode.

According to the survey, filter updates offered by vendors are applied 40 percent to 74 percent of the time, depending on the product.


Ellen Messmer

Network World