Internet Security Solutions (ISS) has thrown down the gauntlet to firewall vendors, releasing a low cost intrusion prevention system (IPS) directed towards the small- to medium-business market.
The product, the Proventia M30, is designed to secure up to 500 network users and combines intrusion prevention and detection, firewall, VPN, anti-virus, web-filtering and anti-spam in the one box.
“For the past 10 years, ISS has traditionally catered for high-end users,” ISS Australia managing director, Kim Duffy, said. “M30’s level of security has previously been unavailable or unachievable for smaller business because of the cost and complexity of other so-called stand alone solutions.”
The release of this product could put ISS in direct competition with firewall vendors, although Duffy said that there would always be a market for firewall.
“It is our intent to compete against firewall vendors,” Duffy said. “You’ll find most security vendors at the top end are doing the same thing.”
A problem may lie in the fact that firewall technology was fairly well understood, as opposed to the confusion surrounding IPS.
“IPS is arguably much more complex,” Duffy said. “Those who criticise it simply don’t understand it. To put it simply, these days firewall and anti-virus protection are not enough. We believe it’s important to educate people about this.”
IPS is a newer technology that has previously been criticised by some analysts as the stillborn progeny of a legacy technology, intrusion detection system (IDS).
But, according to Gartner analysts, “intrusion prevention is gaining importance while intrusion detection is fading away.”
The difference between the two systems is access control as opposed to access monitoring. An IPS is placed between the firewall and the internal network, and blocks any suspicious traffic such as worms, viruses or hackers. An IDS is a passive device installed on one or more internal subnets that is designed for detection and analysis rather than prevention.
Problems have previously arisen with IPS technology in the form of “false positives”, when the system blocks legitimate traffic.
“We have now pretty well-eliminated false positives,” Duffy said. “It rarely, if ever occurs.”
An IPS device is also designed to work in-line, presenting a potential choke point and single point of failure.
But, according to a report from independent network and security testing organisation the NSS Group, IPS technology might not be perfect, but at present it is the best security tool available.
ISS also have plans to release a home version of its Intrusion Protection technology in the near future.