Intrusion prevention systems (IPS) are forcing organisations to choose between performance and a maximum level of security.
Ash Patel, country manager for UK and Ireland at Stonesoft, said that this is a "familiar" flaw within network security, despite technological advancements.
“Most IPS devices, no matter how well they fare in industry tests, are still compromised by their inability to balance advanced inspection with high traffic volumes.”
He also claimed that many solutions that deliver normalisation are too poor to be of practical use against evolving threats.
“Researchers in the field of evasions understand that traffic normalisation is the Achilles' heel of IPS. This process, which is responsible for correctly interpreting strange and possibly malicious traffic, is required to adequately protect the network against threats.
“Evasions and other network threats have become more prevalent and more advanced in the way they are designed and delivered. However, traffic normalisation is also a time-consuming process, which threatens to slow down overall network performance.”
He also claimed that fixing the problem is not as simple as implementing more aggressive traffic normalisation, which will noticeably slow down the network.
Security vendors are unable to easily resolve the problem because the filtering process is closely tied to a hardware-based architecture and normalisation has traditionally only occurred at the TCP/IP level, he said.
Matt Jonkman, chief executive officer of Emerging Threats Pro and creator of the open source IPS technology Suricata, said that with more rules there is less throughput.
“People are spending $15,000 on appliances but they only have one core.”
This article originally appeared at scmagazineuk.com