The state of Intrusion Prevention
Simon Perry - Principal Associate Analyst, Quocirca
[email protected] Twitter: 140letters1idea
[email protected] Twitter: Quocirca
www.quocirca.com
© 2009 Quocirca Ltd
The good, the ugly

Agenda
• How did we get here?
• What have we learned?
• What do we need today?
• Does IPS have a future?
[Diagram labels: IDS, HIPS, NIPS, MSSP]
The evolution of IDS
[Diagram labels:]
• Need to IP everything
• Network-based attacks
• Malware vectors
• NIDS
• Root cause analysis
• Forensics
• Zero day
• HIDS
• Application level attacks
• Blended malware
Issues (xIDS)
• Observe only
• Skills
• Scalability
• Misfires
Prevention versus detection
xIDS
• Detect: signature, heuristics
• Report: forensics, root cause
xIPS
• Block: action
• Remediate, retaliate
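The detect-then-report versus detect-then-block split above, as an added worked example that is not part of the Quocirca deck: one toy detection engine (fixed-pattern signatures plus a port-scan heuristic) is run once in xIDS mode, where a hit only produces an alert, and once in xIPS mode, where the same hit drops the packet. The signature names, the threshold of five ports, the addresses and the traffic are all constructed for the illustration and are not taken from any real product or capture. The sample traffic deliberately includes a legitimate request that happens to contain a signature string, so the cost of a misfire in each mode is visible in the summary.

```python
# Added example (not from the Quocirca deck): one detection engine run in
# xIDS mode (detect and report, observe only) and in xIPS mode (detect and
# block). Signature names, thresholds and traffic are constructed for
# illustration, not taken from any real product or capture.
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Hypothetical signatures: fixed byte patterns matched against the payload.
SIGNATURES = {
    "web-shell-cmd": b"cmd.exe /c",
    "sqli-union": b"UNION SELECT",
}

# Hypothetical heuristic: one source touching more than this many distinct
# destination ports is treated as a port scan.
SCAN_PORT_THRESHOLD = 5


@dataclass
class Sensor:
    mode: str  # "ids" (report only) or "ips" (block)
    ports_seen: dict = field(default_factory=lambda: defaultdict(set))
    alerts: list = field(default_factory=list)
    blocked: list = field(default_factory=list)

    def detect(self, pkt):
        """Signature match first, then the scan heuristic.
        Returns (kind, name) or None."""
        for name, pattern in SIGNATURES.items():
            if pattern in pkt.payload:
                return ("signature", name)
        self.ports_seen[pkt.src].add(pkt.dport)
        if len(self.ports_seen[pkt.src]) > SCAN_PORT_THRESHOLD:
            return ("heuristic", "port-scan")
        return None

    def process(self, pkt):
        """Inline verdict: 'forward' or 'drop'. Both modes alert; only
        xIPS mode turns the alert into a block action."""
        hit = self.detect(pkt)
        if hit is None:
            return "forward"
        kind, name = hit
        self.alerts.append((kind, name, pkt.src))
        if self.mode == "ips":
            self.blocked.append(pkt.src)
            return "drop"
        return "forward"


def sample_traffic():
    """Constructed traffic: benign, a misfire, an attack and a scan."""
    pkts = [
        Packet("10.0.0.5", "10.0.1.20", 80, b"GET /index.html HTTP/1.1"),
        # Legitimate wiki edit whose text happens to contain a signature
        # string: the misfire that costs nothing in xIDS mode and costs a
        # user's request in xIPS mode.
        Packet("10.0.0.6", "10.0.1.20", 80,
               b"POST /wiki/save text=UNION SELECT combines two result sets"),
        Packet("198.51.100.9", "10.0.1.20", 80,
               b"GET /upload.php?c=cmd.exe /c whoami HTTP/1.1"),
    ]
    # Seven distinct ports from one source: crosses the scan threshold on
    # the sixth probe, so the last two probes alert.
    for port in (21, 22, 23, 25, 80, 443, 3389):
        pkts.append(Packet("203.0.113.7", "10.0.1.20", port, b""))
    return pkts


def run(mode):
    """Run the sample traffic through a sensor and summarise the outcome."""
    sensor = Sensor(mode)
    verdicts = [sensor.process(p) for p in sample_traffic()]
    return {
        "forwarded": verdicts.count("forward"),
        "dropped": verdicts.count("drop"),
        "alerts": [(kind, name) for kind, name, _ in sensor.alerts],
        "blocked_sources": sorted(set(sensor.blocked)),
    }


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode))
```

Both runs raise the same four alerts; the difference is that the xIDS run forwards all ten packets and leaves the misfire for a human to dismiss, while the xIPS run drops four, including the legitimate wiki edit from 10.0.0.6. That is the "Observe only" versus "Misfires" trade-off from the Issues slide in miniature: moving a sensor inline makes every false positive an outage for someone.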
Virtualisation challenges for NIPS
• Virtual network (vNetwork)
• Workload migration
• Internal cloud(s)
• External cloud provider(s)
• Private cloud
Virtualisation adds some special challenges to network intrusion prevention.
7 core NIPS challenges
[Diagram: NIPS]

Does NIPS have a future?
About Quocirca
Quocirca is a leading primary research and analysis company with native-language research capabilities across the whole of Europe, North America and the Asia Pacific region. Through its hard-fought independence, Quocirca is not beholden to any one vendor, so its advice is free from vendor bias and is based purely on the analysis of the primary research it carries out, combined with the broad knowledge and analytical capabilities of its highly experienced team of analysts.