Host and Network intrusion prevention

Long gone are the days when simply monitoring network traffic for malicious content was enough to safeguard a company against network threats. These days, businesses must stay one step ahead of fast-moving attacks that use multiple vectors to bypass perimeter security and compromise network integrity.

Moving beyond alerts

Unfortunately, yesteryear’s intrusion detection systems do nothing to stop today’s blended threats – they simply detect hostile traffic and send alerts. By the time an administrator reacts to an alert, the attack has propagated across the entire network, if not the world. While traditional firewall and anti-virus solutions can prove valuable, they cannot proactively protect a network against a new generation of threats.

These days, companies need security solutions that offer zero-day protection in order to proactively safeguard against new exploits – without having to waste precious days and weeks researching, downloading, and deploying new patches.

A proactive approach

Intrusion Prevention Systems (IPS) can help by providing advanced security that blocks hostile traffic, thus preventing attacks before they wreak havoc.

There are two primary types of IPS product solutions: Host IPS (HIPS) and Network IPS (NIPS). HIPS is an agent that resides on individual systems such as servers, workstations, and notebooks. These agents inspect traffic flowing into or out of the system they protect, and monitor the behavior of its applications and operating system for signs of an attack.

When an attack is detected, the HIPS agent blocks it and prevents the attempted compromise of the system. Acting as a network’s last line of defense, HIPS technology protects systems from attacks that have bypassed all other security tools – including firewalls, anti-virus, desktop firewalls, and NIPS.

NIPS, on the other hand, is deployed in-line with the protected network segment. All data that flow between the protected segment and the rest of the network must pass through the NIPS device. As the traffic passes through the device, it is inspected for the presence of an attack; if one is detected, the threat is blocked in real time, providing proactive protection against zero-day, encrypted, and DoS attacks.

By working at the network level, NIPS provides a broader view of the threat environment, and allows security managers to protect operating systems and network devices not protected by HIPS agents.

Combined strengths

Because HIPS and NIPS technologies are situated in different locations of a network, they offer specific and distinct benefits. However, when combined, HIPS and NIPS work together to provide complementary layers of protection. Their built-in anomaly and behavioral rules offer zero-day protection, thereby reducing the urgency of patch deployment, and providing critical protection during windows of vulnerability.

Out-of-the-box solutions, such as IntruShield and Entercept, also allow systems administrators to deploy patches in accordance with existing processes, thereby saving both time and money.

In the end, deploying both “best of breed” technologies guarantees the highest level of protection of critical assets, as neither technology alone defends against all threats. The result is a comprehensive and robust defensive posture, resulting in significantly lower risk, more efficient use of scarce security resources, and lower operating costs.

Resources

More information on McAfee Host Intrusion Prevention Software.

Learn more about McAfee Network Intrusion Prevention Software.