Intrusion Protection Systems get hot

Taxed with providing an ever-expanding range of complex security functions, IPS vendors are rising to the challenge, transforming their wares to go beyond simply identifying and stopping attacks based on updated threat profiles.

The IPS market is undergoing significant changes as demand for security services grows, said Jim Slaby, network security analyst at Yankee Group. “You see companies integrating IPSes, as well as pushing them to the edge of the network and also back to the center,” Slaby said.

Worldwide revenue for network-based in-line IPSes last year was approximately $128 million, according to a recent report by Infonetics, a research company. The report estimates a market growth rate of approximately 39 percent between 2004 and 2008.

Last week, Imperva released the latest version of SecureSphere Dynamic Profiling Firewall, designed to protect multiple environments and systems, including databases, Web services, and networks. The SecureSphere Firewall protects datacenters against external and internal Web application and Web services attacks, database breaches, and server worm infections.

In addition, Radware introduced a new version of its DefensePro IPS last week, designed to protect against hackers who exploit SSL tunnels to launch DoS and DDoS attacks.

Also last week, SourceFire announced a new version of its SourceFire 3D System IPS, which integrates anomaly detection capabilities into the product. The new version allows IT managers to set thresholds to measure suspicious activities, customize alerts, and automate responses. NitroSecurity recently released NitroSecurity IPS 6.0, which also uses both signature and anomaly

detection techniques to increase the speed of response to any threat. Also among recent releases, StillSecure’s Border Guard IDS/IPS includes enterprise functions to ease the administration of multiple Border Guard nodes.

The product allows companies to install one or more Border Guard nodes and use a new multinode manager to manage and administer each node centrally.

Last month, Top Layer Networks introduced SecureCommand+, which offers centralized IPS management with event correlation and a reporting engine.

In some cases, companies are integrating IPSes into switches. 3Com recently added several switches designed for converged networks with built-in quarantine protection, thanks to the company’s recent acquisition of IPS provider TippingPoint.

In addition to the IPSes, Avinti, a provider of e-mail outbreak protection, introduced iSolation Server 2.0 this month, using VM technology to test e-mail messages and identify viruses for which there are no known patterns or signatures.