Intrusion prevention systems have become one of the most critical layers in today’s network security infrastructure. Although a mature technology, intrusion prevention employs some of the most sophisticated analysis capabilities available and is tasked with identifying and blocking an incredibly wide range of attacks, while doing so at the lightning-fast speeds required in today’s enterprises. It is clear that today’s intrusion prevention system must deal with an even broader and more sophisticated attack spectrum.

Looking back at the key trends of 2012, and the developments throughout the first half of 2013, today’s IPS technology needs to address several key areas. Let’s take a look at the four most critical:

1. Phishing Attacks and Malware Sites

As Phishing attacks become more prevalent, targeted and sophisticated, it is critical that an IPS is able to help protect both targeted users and the greater organization as a whole. Years ago, email security and anti-spam were the main solutions deployed for keeping phishing email from reaching users.  Today, with the increasing adoption of social media, inspecting email isn’t enough.

Organizations need to have a way of securing the newest delivery mechanism for these attacks, such as social media. In addition to educating users on best practices, an IPS can be instrumental by granularly controlling access to social media sites that may be used as a delivery mechanism for phishing messages, as well as blocking access to known malware sites if a user inadvertently clicks a malicious link in an email that was not flagged as spam. In modern Spear Phishing attacks, social media sites catering to professionals are a preferred choice for attackers, making securing access to these sites a key priority for network security professionals.

2. Web Application Attacks

For the last several years, attacks targeting vulnerabilities in web applications have reigned supreme. In fact, out of all of the disclosed vulnerabilities, Web application vulnerabilities have made up roughly 40-50% – a staggering number considering the thousands of vulnerabilities disclosed every year.

Modern-day intrusion prevention systems must now deal with application-layer attacks, including providing monitoring and blocking of high-severity web application attacks such as SQL injection and Cross-site Scripting. In many cases, IPSes can be used in conjunction with a Web Application Vulnerability Scanning tool to provide near-term protection as vulnerabilities are found and subsequently fixed.
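The following is an added example, not code from the original article or from any IPS vendor: a minimal signature-style inspector for the SQL injection and Cross-site Scripting patterns the paragraph names, run over a handful of constructed request targets. The signature names, thresholds and sample requests are all assumptions made for illustration. The one detail worth noticing is the decode step: an engine that matches only on the raw, percent-encoded URL misses payloads that the web server will decode before the application sees them, which is why the inspector normalises first (and why it applies a second decode to catch double encoding, at the cost of occasionally over-decoding a legitimate literal `%25`).

```python
"""Signature-style HTTP request inspection for SQLi and XSS.

Added example for this article; not a vendor's IPS engine.
Signatures, thresholds and sample traffic are constructed/assumed.
"""
import re
from urllib.parse import unquote_plus

# Each signature: (name, severity, compiled regex).
# Patterns are matched against the decoded, lower-cased request target.
SIGNATURES = [
    ("sqli-tautology", "high",
     re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+")),          # ' OR '1'='1
    ("sqli-union-select", "high",
     re.compile(r"\bunion\b.+\bselect\b")),                  # UNION ... SELECT
    ("xss-script-tag", "high",
     re.compile(r"<\s*script\b")),                           # <script ...
    ("xss-event-handler", "medium",
     re.compile(r"\bon(load|error|mouseover)\s*=")),         # onerror= ...
]

SEVERITY_RANK = {"medium": 1, "high": 2}


def normalise(target: str) -> str:
    """Percent-decode twice (to catch double encoding) and lower-case.

    Caveat: a legitimate literal '%25' in a value is over-decoded here;
    a production engine would track decode depth rather than always
    decoding twice.
    """
    return unquote_plus(unquote_plus(target)).lower()


def inspect(target: str):
    """Return all (signature_name, severity) hits for one request target."""
    text = normalise(target)
    return [(name, sev) for name, sev, rx in SIGNATURES if rx.search(text)]


def decide(target: str, block_at: str = "high"):
    """Return (action, hits) where action is 'block', 'alert' or 'allow'.

    Inline IPS behaviour: block when any hit reaches the configured
    severity, alert (log only) on lower-severity hits, otherwise allow.
    """
    hits = inspect(target)
    if any(SEVERITY_RANK[sev] >= SEVERITY_RANK[block_at] for _, sev in hits):
        return "block", hits
    if hits:
        return "alert", hits
    return "allow", hits


# Constructed sample request targets (path + query string), not real traffic.
SAMPLE_REQUESTS = [
    "/products?id=42",                                       # benign
    "/login?user=admin'%20OR%20'1'%3D'1&pass=x",             # encoded SQLi
    "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",         # encoded XSS
    "/items?sort=name%2520UNION%2520SELECT%2520password",    # double-encoded
    "/profile?bio=hello+world",                              # benign
]


def scan(requests=SAMPLE_REQUESTS):
    """Map each request target to the action the inspector would take."""
    return {r: decide(r)[0] for r in requests}


if __name__ == "__main__":
    for req, action in scan().items():
        print(f"{action:5s}  {req}")
```

Running the block as a script prints one line per sample request; the two benign requests are allowed and the three encoded or double-encoded payloads are blocked, which is the near-term protection the paragraph describes while the underlying application flaw is being fixed.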

3. Attacks Hidden in SSL Encrypted Traffic

This one is pretty straightforward – if you can’t inspect it, you can’t secure it. With the extensive use of SSL encryption in a variety of applications – including popular spear phishing vehicles like Facebook and Twitter – intrusion prevention systems must have the ability to look into encrypted sessions to identify potential security risks or attacks.

This could be a user accessing a malware-infected site over SSL (possibly through a shortened link) or an external attacker using SSL to mask communication with a botnet command-and-control server. Since this type of inspection can often be very performance intensive, it is critical that today’s IPS solutions are able to perform this type of inspection extremely quickly and with minimal disruption.

4. Multi-faceted Attacks and APTs

With attackers now executing targeted, multi-faceted attacks, an IPS can no longer function in a silo. Modern intrusion prevention systems need to be able to integrate with other security technologies to help security administrators understand what other events are occurring outside their immediate view of the network. They also need to be able to provide security events and data flows to other analysis tools to perform critical correlation and anomaly detection functions. This enables network security professionals to detect security threats that may have already penetrated perimeter defenses and are now hiding within the internal network.
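As an added example of the correlation the paragraph calls for (not code from the article or from any IPS or SIEM product), the block below joins IPS alert records with internal flow records from a second sensor. The alert format, the flow format, the 10.0.0.0/8 internal range, the 15-minute window and the fan-out threshold are all assumptions, and every record is constructed. The point it demonstrates is the one the paragraph makes: the IPS alone sees only the perimeter hit on a web server, and the flow sensor alone sees only an internal host opening connections; joined in time, the same host being attacked and then fanning out to many internal peers is the post-compromise activity neither source reveals by itself.

```python
"""Correlate perimeter IPS alerts with internal flow records.

Added example for this article; formats, thresholds and all records
are constructed/assumed, not a product's native export format.
"""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed internal address space for this example.
INTERNAL = ip_network("10.0.0.0/8")

# Constructed IPS alerts: inbound web attacks seen at the perimeter.
IPS_ALERTS = [
    {"ts": "2013-06-01T10:00:05", "src": "203.0.113.7", "dst": "10.0.1.20",
     "sig": "sqli-union-select", "severity": "high"},
    {"ts": "2013-06-01T11:30:00", "src": "203.0.113.9", "dst": "10.0.1.30",
     "sig": "xss-script-tag", "severity": "high"},
    {"ts": "2013-06-01T11:45:00", "src": "203.0.113.9", "dst": "10.0.1.30",
     "sig": "xss-event-handler", "severity": "medium"},
]

# Constructed internal flow records (ts, src, dst, dst_port) as a flow
# collector might export them. 10.0.1.20 fans out over SMB shortly after
# the alert against it; 10.0.1.30 does not.
FLOWS = [
    ("2013-06-01T10:02:00", "10.0.1.20", "10.0.2.1", 445),
    ("2013-06-01T10:02:03", "10.0.1.20", "10.0.2.2", 445),
    ("2013-06-01T10:02:06", "10.0.1.20", "10.0.2.3", 445),
    ("2013-06-01T10:02:09", "10.0.1.20", "10.0.2.4", 445),
    ("2013-06-01T10:02:12", "10.0.1.20", "10.0.2.5", 445),
    ("2013-06-01T10:02:15", "10.0.1.20", "10.0.2.6", 445),
    ("2013-06-01T10:02:18", "10.0.1.20", "198.51.100.5", 443),  # external, ignored
    ("2013-06-01T11:31:00", "10.0.1.30", "10.0.2.50", 443),
    ("2013-06-01T12:00:00", "10.0.1.40", "10.0.2.1", 445),       # no alert
]


def parse_ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def internal_peers_after(host: str, start: datetime, flows, window: timedelta):
    """Distinct internal destinations `host` connected to within the window."""
    end = start + window
    peers = set()
    for ts, src, dst, _port in flows:
        if src != host:
            continue
        if not (start <= parse_ts(ts) <= end):
            continue
        if ip_address(dst) in INTERNAL:
            peers.add(dst)
    return peers


def correlate(alerts=IPS_ALERTS, flows=FLOWS,
              window=timedelta(minutes=15), fanout_threshold=5):
    """Flag internal hosts that were hit by a high-severity alert and then
    fanned out to at least `fanout_threshold` internal peers in `window`."""
    findings = []
    for a in alerts:
        if a["severity"] != "high" or ip_address(a["dst"]) not in INTERNAL:
            continue
        peers = internal_peers_after(a["dst"], parse_ts(a["ts"]), flows, window)
        if len(peers) >= fanout_threshold:
            findings.append({"host": a["dst"], "trigger": a["sig"],
                             "internal_peers": len(peers)})
    return findings


if __name__ == "__main__":
    for f in correlate():
        print(f"possible lateral movement from {f['host']} "
              f"({f['internal_peers']} internal peers) after {f['trigger']}")
```

Neither input alone produces this finding: the IPS sees two high-severity alerts of equal weight, and the flow sensor would have no reason to single out 10.0.1.20 over 10.0.1.40. Tuning the window and threshold against real traffic is where a deployment's false-positive rate is decided.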

Intrusion prevention systems continue to be the cornerstone of any organization’s main line of defense and will need to constantly evolve to meet the changing demands of securing today’s complex network environments. This includes adapting to new types of attacks, as well as attacks that are constantly mutating, while keeping pace with the speed and connectivity requirements within the Enterprise.
