Intrusion-prevention systems still not used full-throttle

Reasons cited were reliability, throughput, traffic latency and false positives.

Network-based intrusion-prevention systems are in-line devices intended to detect and block a wide variety of attacks, but the equipment still is often used more like an intrusion-detection system to passively monitor traffic, new research shows.

Infonetics Research interviewed 169 security professionals responsible for managing IPS in their organizations to find out whether the full functionality of the IPS filters for blocking attacks was actually used, and the reasons why if not. The study, commissioned by IPS vendor TippingPoint, included its product, as well as those from Cisco, IBM, McAfee and Sourcefire.

"People are still very cautious with IPS," says Jeff Wilson, principle analyst for network security at Infonetics. "My main impression is we are still not in an all-IPS world, as much as everyone would like to pretend we are."

Cisco is the dominant vendor in IPS, and the survey reflected that, with 77 Cisco IPS customers, along with 38 TippingPoint customers, 36 IBM ISS Proventia customers, 26 McAfee IPS customers and 15 Sourcefire IPS customers -- which all offered detailed descriptions of how they use IPS in their companies. The average size of each company was 9,418 employees.

The first step in IPS is typically the decision to use it in-band or not, and Infonetics found that 91 percent of TippingPoint customers did so, along with 70 percent of Cisco customers, 67 percent of IBM and McAfee customers and about 55 percent of Sourcefire customers.

Reasons cited for not wanting to run IPS in-band were reliability, throughput, traffic latency and false positives.

For those using IPS in-band, the next step is deciding how many of the device's available filters to activate in order to block different types of attack traffic. The survey found those using IPS in-line often didn't apply all the filters in blocking mode, but sometimes simply in alert mode. IPS filters to block were applied far more in TippingPoint and IBM equipment, but much less often in Sourcefire In IBM, Cisco and McAfee equipment, blocking and alert-only were activated about half-and-half in a mixed mode.

According to the survey, filter updates offered by vendors are applied 40 percent to 74 percent of the time, depending on the product.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags intrusion prevention systems

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?