Fear of cyberterrorism, new regulations like HIPAA and a rash of well-publicized network vulnerabilities have moved security to the top of many organizations' agendas: Forty percent of nearly 1,000 IT managers surveyed by IDC rated security their highest priority. And IDC predicts security spending will grow from $66 billion in 2001 to $155 billion in 2006. Lots of vendors are angling for a slice of this pie, so if there isn't a piece of hardware or software out there yet to solve your problem, just wait a minute.
Two key areas to watch are automated attack blocking and endpoint protection.
• Automated attack blocking: IDSs and firewall integration were the forerunners of this product field, which is putting an emphasis on NIP (network intrusion prevention). The only way NIP will succeed is if intrusion detection increases in accuracy. Blocking authorized traffic hinders business processes while allowing malicious traffic keeps your network vulnerable. Vendors are trying to increase accuracy by blending multiple detection methods--such as signature and traffic-anomaly detection. Thorough testing of the accuracy of the IDS component is required prior to enabling automatic blocking. NIP products can act as high-speed, high-performance IDSs, so they can pay off even if you're skeptical about intrusion prevention.
Application firewalls can raise the network protection bar, too, though you'll pay a price in performance because of the extra processing required to delve deeper into the application protocol. We have found, however, that many application proxies can break the 100-Mbps barrier, making them suitable for internal firewalls in addition to their conventional placement at the perimeter, with minimal degradation.
• Endpoint protection: Much attention has been focused on pushing protection not just to the edge but inward, toward internal resources, and rightly so (see "Secure to the Core," at www.nwc.com/1401/ 1401f1.html). Guarding typical ingress and egress points is not enough. You need to deploy protection where the vulnerabilities reside--on the host. HIP (host intrusion prevention) is one way to ensure that applications access only those host resources that are required; they do this by capturing requests or modifying system calls for resources, such as files and network access. Because many attacks force an application to access unnecessary services, HIP products are well-situated to block attacks against the operating system--if the requesting application is denied access to resources at the kernel, attacks against the operating system are stopped in their tracks.
Finally, application-level attacks, such as those targeting Web applications, can be stymied by protocol-specific products, and desktop firewalls add a layer of protection by inspecting all the data that enters or leaves the machine and regulating network access for PCs and applications. Mobile users are particularly prime candidates for this type of protection; while desktop firewalls are not foolproof, they do block inbound network access and can regulate which applications have outbound access, further challenging potential attackers.
REPORTS
Analyize In-Line NAC strategies and products.
ANALYTICS Plan and design your enterprise blade server deployments
InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Download Today
REPORTS
ANALYTICS
Follow 
