Rethinking Perimeter Security: New Threats Require Real-Time Protection
Over the last few years, networked resources have become increasingly available to a wide audience of customers, partners, suppliers, and the general public. As a result, more and more people have come to rely on instantaneous access to information and services in order to do business. With network availability now paramount, the network itself has become a target for attacks. Network infrastructure was designed to provide connectivity, not to limit it.
Early developments in corporate network security included the firewall, which was intended to limit network traffic to only those users a business deemed necessary for it to function. However, malicious hackers found ways to circumvent the firewall and attack the network, causing adverse and costly outages. The next important development was the intrusion detection system (IDS), which was designed to alert network administrators to attacks targeting known vulnerabilities in the network fabric. Difficulty in administration, high cost of maintenance, and the need for manual intervention rendered the IDS largely ineffective for addressing these network attacks. To address this last limitation, some IDS vendors began not only to flag network attacks but also to block them, and the in-line intrusion prevention system (IPS) was created.