Wrapping a firewall around the perimeter is no longer sufficient to meet the needs of modern networks. Technologies such as IPS need to be pushed into the network, not just at the edge, but throughout the entire infrastructure.During Network World’s recent Security Technology Tour, we received a lot of questions about intrusion-prevention systems. The problem is that there is little agreement on what an IPS really is.The security experts on the tour agreed on one thing: An IPS must be inline. That is, packets have to move through the IPS to prevent intrusions. While the idea of resetting connections and changing firewalls is a good interim step, enterprise-class intrusion prevention will require that the IPS handle packets, dropping them when something is wrong. A second assumption about IPS is that it is a “permissive” technology. In other words, an IPS will drop a packet if it has a reason to, but the default behavior is to pass traffic along. In contrast, a firewall is a “prohibitive” technology: It lets a packet through only if it has a reason to. Obviously, firewalls are also intrusion-prevention devices. Some experts say that all IPS vendors are talking about is what firewalls should be doing. But the difference in the orientation of these technologies suggests that they are not the same.More importantly, because they are different, you can use a firewall or an IPS or both at any point in your network. At the perimeter, it’s reasonable to expect that a firewall also will have an IPS built in. But at the core of the network, inline IPS might be built into switches and routers. How do you convince purse holders to buy into IPS? There’s no easy answer to that. The “fear factor” approach can be useful. Make the decision-makers afraid. Point out the new legislation regarding liability. And perhaps you’ll see the money start to flow. But that’s not a long-term solution.For some, an IPS can be justified on the “nuisance factor” instead. By blocking the thousands of Code Red and MS-SQL Slammer attacks coming into the network every hour, the load on the firewall is lightened, the Internet connection is faster and the Web server logs are easier to analyze.For others, IPS justification will have to be part of a larger program of security, justified on the basis of traditional ROI analysis.What’s clear from tour attendees is that wrapping a firewall around the perimeter is no longer sufficient to meet the needs of modern networks. Technologies such as IPS need to be pushed into the network, not just at the edge, but throughout the entire infrastructure. Related content news Cisco patches actively exploited zero-day flaw in Nexus switches The moderate-severity vulnerability has been observed being exploited in the wild by Chinese APT Velvet Ant. By Lucian Constantin Jul 02, 2024 1 min Network Switches Network Security news Nokia to buy optical networker Infinera for $2.3 billion Customers struggling with managing systems able to handle the scale and power needs of soaring generative AI and cloud operations is fueling the deal. By Evan Schuman Jul 02, 2024 4 mins Mergers and Acquisitions Networking news French antitrust charges threaten Nvidia amid AI chip market surge Enforcement of charges could significantly impact global AI markets and customers, prompting operational changes. By Prasanth Aby Thomas Jul 02, 2024 3 mins Technology Industry GPUs Cloud Computing news Lenovo adds new AI solutions, expands Neptune cooling range to enable heat reuse Lenovo’s updated liquid cooling addresses the heat generated by data centers running AI workloads, while new services help enterprises get started with AI. By Lynn Greiner Jul 02, 2024 4 mins Cooling Systems Generative AI Data Center PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe