Next Generation Intrusion Protection Systems

There has been improvement in IDS/IPS over time due to improvements in hacking skills by hackers. This has involved introductions of; stepping up IPS from 1 or 2 Gbps upto40 to 50 Gbps which provides the ability to monitor several segments of the network (Pirc, 2017). This eliminates one way attackers from gaining access and control of user’s computer.

Another means by which hackers accessed user’s system was by redirecting users to popular website which then directs users to hackers’ site; this was done by iFrame redirects (Pirc, 2017). This required IDS/IPS vendors to provide countermeasures of blocking malicious command & control IP addresses as well as websites that were known to host malware by reducing the time it takes to detect threats.

The creation of Next Generation Intrusion Prevention Systems (NGIPS) includes features like application and control that detects network traffic for known attack signatures and their alerts (Savage & Forgaty, 2017). It also stops the attack from proceeding into the user’s network counting on how it is deployed.

There are also advanced persistent threats resulting from phishing attacks from documents tainted with malwares (Savage & Forgaty, 2017). This has been addressed by introduction of devices with sandboxing and or emulation capabilities.  Sandboxing addresses the ability to find a zero-day malware as traffic that contained executable documents from web or email are forwarded to Breach Detection System.

Bad files sent to the administrator as being malicious MD5/SHA checksum (Pirc, 2017). It is the checksum that verifies the integrity of these files and text messages. Therefore if checksum that enters the network is similar to the one that is on vendor’s file then sandbox alerts the administrator about the malware in the network.

Currently used detection system is the Next Generation Firewalls (NGFWs) as organizations will no longer need to buy and manage several devices unlike previously.

The hackers’ threats are gradually changing and thus security promoters are concentrating on high accuracy modifications to detection systems.

References

Savage, M. and Forgaty, S. (2017). 5 Benefits of Next-Generation Firewalls. Retrieved on August 6, 2018 from:  https://www.networkcomputing.com/networking/5-benefits-next-generation-firewalls/57886367

Pirc, J. (2017). The Evolution of Intrusion Detection/Prevention: Then, Now and the Future. Retrieve on August 6, 2018 from: https://www.secureworks.com/blog/the-evolution-of-intrusion-detection-prevention