01-12-2011 08:04 AM
Here is an excerpt from Gartner's MQ 2010 Network Intrusion Prevention Systems:
Extra-IPS Intelligence
An IPS embedded within an NGFW will have the best opportunities for interaction through tightly
coupled operation, rather than as separate products. As vulnerability research has improved, the
gap between vulnerability exploitation and IPS signatures to protect that vulnerability has closed.
Future protection improvements of significance will come from bringing intelligence into the IPS
from external sources instead — points the IPS does not normally have visibility within. Examples
include vulnerability management data, reputation data or known external sources of malware,
directories and firewalls. Vulnerability management allows for blocking to be done with knowledge
of the target (for example, no need to block an attack that the server has been patched for).
Reputation feeds can provide intelligence to the IPS in terms of the source (for example, only
malware has ever come from that location). Most extra-IPS intelligence today is provided to
operators and is not made use of automatically within the IPS decision engine. Future IPS
improvements will see better correlation through more-active use of this intelligence.
I believe this is an important point, and this should be the way to go in the future for IPS. PAN, can you do something?