Imagine what would happen if the police in a major city regularly published their plans to stop crime and catch thieves, including where all patrols are every hour. Do you think crime would go up? Do you think successful robberies would increase?

Now think about network intrusion prevention. Some of the most widely used intrusion prevention system (IPS) signatures are freely available online for anyone to download. I’m willing to bet that most cybercriminals have studied those rules and are constantly inventing new ways to beat them.

The fact that nearly all of these rules are based on pattern-matching — a method of identifying known threats and exploits — only continues to increase an attacker’s chance of success in breaching your network and getting to your business-critical data.

Issues With Old Network Protection Systems

Commonly, IPSs have focused on preventing specific exploits or known attack patterns. Using these pattern-based signatures, when an IPS found something it knew to be a threat, it could stop it. But developing a signature for each and every known exploit (as opposed to focusing on protection at the vulnerability level) was and is an onerous task, and using so many signatures can severely degrade the performance of your network security devices. Sacrificing network performance for protection was not an attractive trade-off.

There is a long-standing debate on the effectiveness of pattern-matching signatures. The simple truth is that the nature of threats has evolved over time. There has been a steady rise in unknown threats, such as zero-day attacks and mutated threats, compounded by advanced evasion techniques that obfuscate a strike. By definition, we do not yet have a pattern-based signature for the threats we’ve never seen before. So it begs the question: How do we stop this growing number of unknown threats?

Using Deep Packet Inspection for Intrusion Prevention

Pattern-matching signatures, while helpful in some instances, are simply no match for the tidal wave of evolving threats most organizations are up against today. But if you were able to inspect the content inside the data packets traveling along your network as opposed to just looking for known patterns, you would be in a much better position to protect yourself.

That’s where deep packet inspection (DPI) can help. DPI is software technology that provides the ability to inspect any network packet to its very end.

The advantages of doing so are clear: Full parsing of the content layers of the packet (layers six and seven) is the only reliable way to detect some of the most dangerous attacks, which are often mutated or obfuscated using embedded content, special encoding schemes, compression or nonstandard syntax.

By inspecting and recognizing the entire application payload of a packet, DPI enables intelligent security threat detection with heuristics and behavioral-based rule sets that is simply not possible with pattern-matching technology.

Protocol Analysis Module Stops Tomorrow’s Threats Today

Since 1999, IBM’s intrusion prevention products have been using deep packet inspection to protect networks. The core IPS protection engine is the IBM Protocol Analysis Module (PAM), developed by IBM X-Force.

PAM offers full DPI through layer seven and applies heuristics and behavioral analysis to its findings to identify both known and unknown threats, even within encrypted traffic. It is highly tuned to block suspicious content while letting legitimate traffic pass through.

Additionally, our next-generation IPS offers throughput speeds of up to 25 Gbps, so you don’t need to sacrifice performance for protection. So that malware hiding inside an image inside the PDF file you received attached to an encrypted email? Yeah, we can detect and block that.

If you’d like to learn more about the IBM Protocol Analysis Module, watch the on-demand webinar “Breaking the Pattern: The Importance of Deep Packet Inspection for Intrusion Prevention.” Not only will you learn more about PAM and how it works, but our IBM X-Force team will discuss specific examples of how PAM’s unique approach has protected against vulnerabilities months and even years before exploits were disclosed.

More from Mainframe

How Dangerous Is the Cyberattack Risk to Transportation?

If an attacker breaches a transit agency’s systems, the impact could reach far beyond server downtime or leaked emails. Imagine an attack against a transportation authority that manages train and subway routes. The results could be terrible. Between June of 2020 and June of 2021, the transportation industry witnessed a 186% increase in weekly ransomware attacks. In one event, attackers breached the New York Metropolitan Transportation Authority (MTA) systems. Thankfully, no one was harmed, but incidents like these are cause…

Low-Code Is Easy, But Is It Secure?

Low-code and no-code solutions are awesome. Why? With limited or no programming experience, you can quickly create software using a visual dashboard. This amounts to huge time and money savings. But with all this software out there, security experts worry about the risks. The global low-code platform market revenue was valued at nearly $13 billion in 2020. The market is forecast to reach over $47 billion in 2025 and $65 billion in 2027 with a CAGR of 26.1%. Very few,…

Starting From Scratch: How to Build a Small Business Cybersecurity Program

When you run a small business, outsourcing for services like IT and security makes a lot of sense. While you might not have the budget for a full-time professional on staff to do these jobs, you still need the services.However, while it might be helpful to have a managed service provider handle your software and computing issues, cybersecurity for small and medium businesses (SMBs) also requires a personal, hands-on approach. While you can continue to outsource some areas of cybersecurity,…

A Journey in Organizational Resilience: Supply Chain and Third Parties

The next stop on our journey focuses on those that you rely on: supply chains and third parties.  Working with external partners can be difficult. But, there is a silver lining. Recent attacks have resulted in an industry wake-up call when it comes to cybersecurity resilience. You see, the purpose of using external partners is to take advantage of a capability that your organization did not have, or the vendor was just better at than you. In turn, there was…