With IPS, choose security or performance

Intrusion prevention systems (IPS) are forcing organisations to choose between performance and a maximum level of security.

Ash Patel, country manager for UK and Ireland at Stonesoft, said that this is a "familiar" flaw within network security, despite technological advancements.

“Most IPS devices, no matter how well they fare in industry tests, are still compromised by their inability to balance advanced inspection with high traffic volumes.”

He also claimed that many solutions that deliver normalisation are too poor to be of practical use against evolving threats.

“Researchers in the field of evasions understand that traffic normalisation is the Achilles' heel of IPS. This process, which is responsible for correctly interpreting strange and possibly malicious traffic, is required to adequately protect the network against threats.

“Evasions and other network threats have become more prevalent and more advanced in the way they are designed and delivered. However, traffic normalisation is also a time-consuming process, which threatens to slow down overall network performance.”

He also claimed that fixing the problem is not simple as implementing more aggressive traffic normalisation which will noticeably slow down the network.

Security vendors are unable to easily resolve the problem because the filtering process is closely tied to a hardware-based architecture and normalisation has traditionally only occurred at the TCP/IP level, he said.

Matt Jonkman, cheif executive officer of Emerging Threats Pro and creator of the open source IPS technology Suricata, said with more rules there is less throughput.

“People are spending $15,000 on appliances but they only have one core."

This article originally appeared at scmagazineuk.com