IDS/IPS: Too Many Holes?
July 25, 2006 The Community
The “P” in IPS stands for prevention, but these days it seems more like “porous,” users and experts say.
Intrusion detection systems (IDS) and intrusion prevention systems (IPS), which catch “known” threats, are hard-pressed to keep pace with today’s ever-changing, application-specific exploits, according to experts. Researcher HD Moore and colleague Brian Caswell at next month’s Black Hat conference will demonstrate just how vulnerable these security tools are to application-level attacks.
Click HERE to read complete article…
Here’s our take:
Every point in it is valid, but the issue really is this: people expect [insert technology name here] to be a silver bullet that solves all their problems. They plug an IDS/IPS into the network and expect every security issue to be fixed automatically. That’s not the case.
Vendors became overzealous in marketing the technology and overplayed the “whiz-bang” aspects of the tool instead of promoting what it’s actually useful for: an automated audit trail of suspicious activity in an environment. When a network administrator looks at an IDS/IPS and says “it doesn’t ‘do’ anything,” they are expecting the wrong things. No technology is a silver bullet, but combining multiple layers of technology creates a strong web of security. Lock down your perimeter routers and allow only known traffic. Create firewall rules that give the proper services the proper access, and continually monitor their activity. Place network IDS/IPS behind the firewalls to inspect, record and stop activity, and create only policies that are relevant to the environment being protected; that means building a policy from scratch, not relying on stock policies. Use host antivirus and personal firewalls to prevent activity at the node, and enforce their use. Scan your servers and workstations for vulnerabilities, and update or turn off unused services accordingly.
Most importantly of all, before any hardware or software is placed in an environment, create a security policy that addresses how events and issues are handled, who is responsible for their remediation, and what steps will be taken when an event occurs. No piece of the security puzzle is complete in and of itself, but together the goal of comprehensive security can be achieved.
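To make the “policy from scratch, not stock policies” and “audit trail” points concrete, here is an added Python example (not code from the article or from any IDS/IPS vendor). It models two layers side by side: a stock-style list of “known threat” signatures, and an environment-specific allowlist of the services a particular network is expected to serve. Every flow is written to an audit trail with the reason it was flagged. The hosts, ports, signature patterns and flow records are all constructed sample data; the network they describe is hypothetical.

```python
"""Policy-driven traffic auditor (added example, not from the article).

Layer 1 is a small signature list of the "known" patterns a stock IDS policy
would ship with. Layer 2 is an allowlist written for one specific network.
The audit trail records why each flow was allowed or blocked, which is the
output the article argues an IDS/IPS really provides.
All addresses, ports, patterns and flows below are constructed sample data.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    payload: str


# Layer 1: stock-style signatures for "known" threats (constructed patterns).
SIGNATURES = {
    "path-traversal-probe": re.compile(r"\.\./\.\./"),
    "known-bad-user-agent": re.compile(r"User-Agent: ConstructedScanner/"),
}

# Layer 2: environment-specific allowlist (hypothetical network):
# one web server on 10.0.1.10 (80/443 tcp), one DNS resolver on 10.0.1.53 (53 udp).
ALLOWED_SERVICES = {
    ("10.0.1.10", 80, "tcp"),
    ("10.0.1.10", 443, "tcp"),
    ("10.0.1.53", 53, "udp"),
}


def match_signatures(flow):
    """Names of every signature whose pattern appears in the flow payload."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(flow.payload))


def is_expected(flow):
    """True when the destination service is one this environment actually runs."""
    return (flow.dst, flow.dport, flow.proto) in ALLOWED_SERVICES


def audit(flows):
    """Return an audit trail: (flow, verdict, reasons) for every flow.

    A flow is blocked if any signature matches OR it targets a service the
    environment-specific policy never expected. Allowed flows are recorded too,
    so the trail is a complete record, not just an alert list.
    """
    trail = []
    for f in flows:
        reasons = [f"signature:{name}" for name in match_signatures(f)]
        if not is_expected(f):
            reasons.append(f"policy:unexpected-service {f.dst}:{f.dport}/{f.proto}")
        trail.append((f, "block" if reasons else "allow", reasons))
    return trail


def render_trail(trail):
    """Format the trail as one log line per flow (constructed log format)."""
    return [
        f"{v.upper():5} {f.src} -> {f.dst}:{f.dport}/{f.proto} {';'.join(r) or 'ok'}"
        for f, v, r in trail
    ]


# Constructed sample traffic for the hypothetical network above.
SAMPLE_FLOWS = [
    Flow("203.0.113.5", "10.0.1.10", 80, "tcp",
         "GET /index.html HTTP/1.1\r\nHost: www.example.test"),
    Flow("203.0.113.9", "10.0.1.10", 80, "tcp",
         "GET /../../secret HTTP/1.1\r\nHost: www.example.test"),
    # Nothing in the payload matches a signature; only the environment-specific
    # allowlist knows this host never serves 3389/tcp.
    Flow("10.0.2.7", "10.0.1.10", 3389, "tcp", ""),
    Flow("10.0.2.7", "10.0.1.53", 53, "udp", "A? www.example.test"),
]

if __name__ == "__main__":
    for line in render_trail(audit(SAMPLE_FLOWS)):
        print(line)
```

The third flow is the one that matters for the article’s argument: no stock signature fires on it, and only a policy written for this environment (which knows the web server never serves 3389/tcp) records and blocks it. Swapping in a vendor’s default policy would leave that line out of the trail entirely.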