Ninety percent of Web applications are vulnerable to attack, even after developers think they have "fixed" the problem, according to a study by security firm Imperva on the vulnerability of public and private Web applications. Moreover, as indicated by Internet security firm Symantec, 50% of corporate networks were compromised during the second half of '03 -- a significant growth from just 16% of companies earlier in the year.
Damage due to hacking and viruses has increased dramatically, but the more serious problem is that hacking technologies and viruses themselves have become more and more advanced and virulent. Take the example of the Agobot virus that occurred last April. The virus was capable of repeatedly rebooting a company's server, creating a high level of traffic, activating other worm viruses already existing in the PC and uploading and downloading files. The ability to upload or download files seriously breaches a company's security, as important, confidential documents can be leaked.
As such vicious attacks compromising security on a network are increasing, companies that have been relying on basic security systems such as vaccines or firewalls are now looking for intelligent next-generation products to protect their systems. As a result, intrusion-prevention systems (IPS) are increasing in popularity.
An intrusion-prevention system organically connects all the information protection solutions within a network so that cyber terror can be detected before it infects the system, blocked, then traced to provide recovery services. Currently, intrusion-detection systems or firewalls are useful in preventing attacks or in analyzing how an intrusion occurred, but they are unable to find new weaknesses in the system, analyze them and then order the system to set up a firewall. IPS overcomes such deficiencies and has received much acclaim from industry analysts as a next-generation security solution capable of reacting actively to hacking, worm viruses, and cyber terror.
However, the rapid rise in IPS has spurred many security and network solution firms to release similar products, causing the concept of IPS to become blurred -- creating much confusion for companies seeking to establish a next-generation security system.
So what are the standards in selecting an IPS? Let's review a few important standards for IPS functions.
Providing service that does not lower performance
In order to provide security services that do not lower network performance, security equipment must be installed "in-line" on the network. In order to run the system in the in-line mode, the network must be able to process data quickly.
In addition, bypass equipment must be installed for instances when the security system fails to properly execute because of defects or malfunctions with in-line mode installations. Bypass equipment securely maintains a company's network environment by preventing traffic from going through the security equipment when the equipment is not functioning properly.
Rapid response to new worms and attacks
An automatic updating service is very important. If updates have to be executed manually, the pain of the network manager is unimaginable. Needless to say, there are so many worm viruses and for most viruses, the network manager must input over 20 character strings in the filter setting. If even one character is typed in incorrectly, there will be a big hole in the company security system.
A convenient user environment
For example, if the attack log is provided categorizing attacks by type and level of threat, users can easily confirm the condition of the network. Attacks within the same society and using the same destination IP can occur at a speed of several thousand a second. Rather than report the same attack thousands of times to users, the function to group these attacks will prevent a waste of resources.
Additionally, when delivering an attack log, a function to provide the attack source and information in graph format in real time would enhance users' awareness, similar to a submarine radar. Providing information about the network in this format allows users to see what is going on throughout the network and respond as necessary.
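The grouping function described above can be sketched as follows. This is an added example, not code from Radware or any IPS product; the event fields, the 60-second quiet window and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed sample events: (epoch seconds, attack type, severity, source IP, destination IP).
# The layout is an assumption for this example, not a real IPS log format.
SAMPLE_EVENTS = (
    # 3,000 identical worm-scan hits on one destination within a single second
    [(1000 + i / 3000, "worm-scan", "high", f"198.51.100.{i % 2 + 1}", "192.0.2.10")
     for i in range(3000)]
    + [(1000.5, "sql-injection", "medium", "203.0.113.9", "192.0.2.20"),
       (1002.0, "sql-injection", "high", "203.0.113.9", "192.0.2.20"),
       (1300.0, "worm-scan", "high", "198.51.100.1", "192.0.2.10")]  # recurrence after a quiet gap
)

@dataclass
class AlertGroup:
    attack_type: str
    severity: str
    dst_ip: str
    first_seen: float
    last_seen: float
    count: int
    sources: set

def group_alerts(events, window=60.0):
    """Collapse events sharing attack type and destination IP into one alert.

    A group stays open while events keep arriving within `window` seconds of the
    previous one; a longer gap starts a new group so a recurrence is still reported.
    """
    open_groups, closed = {}, []
    for ts, attack, sev, src, dst in sorted(events):
        key = (attack, dst)
        group = open_groups.get(key)
        if group is not None and ts - group.last_seen > window:
            closed.append(open_groups.pop(key))
            group = None
        if group is None:
            open_groups[key] = AlertGroup(attack, sev, dst, ts, ts, 1, {src})
            continue
        group.last_seen, group.count = ts, group.count + 1
        group.sources.add(src)
        if SEVERITY_RANK[sev] > SEVERITY_RANK[group.severity]:
            group.severity = sev  # report the highest threat level seen in the group
    closed.extend(open_groups.values())
    # Most severe first, then oldest first, as an operator would read the log.
    return sorted(closed, key=lambda g: (-SEVERITY_RANK[g.severity], g.first_seen))

if __name__ == "__main__":
    for g in group_alerts(SAMPLE_EVENTS):
        print(g.severity, g.attack_type, g.dst_ip, f"x{g.count}", f"{len(g.sources)} source(s)")
```

Here 3,003 raw events become three log entries, and the event that arrives after the quiet window is reported as a separate alert instead of being folded into the earlier burst.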
It must be clear that the stability of a company network system is directly connected to its profit. All the internal operational processes and external customer services are connected through the network -- network stoppages or slow transmission speeds due to a worm, virus or hack all result in great losses like the loss of customers, negative company image and loss of efficiency in business operations. Companies must be aware of these losses, recognize the importance of establishing a security policy and make every effort to deploy a more effective security system.
About the Author:
Radware (NASDAQ:RDWR) is the Global Leader in intelligent application switching, enabling the complete security, maximum performance and full availability of all mission critical networked applications while dramatically cutting operating and scaling costs. Radware's integrated application security, application infrastructure and end-to-end connectivity solutions are deployed by over 2,500 enterprises and carriers worldwide. Radware offers the broadest product line in the industry meeting end-to-end application needs at every critical point across the network including Web and application servers, firewalls, VPNs, ISP links, anti-virus gateways and cache. For additional information, visit Radware online at www.radware.com.