Network World

A security godsend

By blocking the everyday barrage of network probes, intrusion-prevention tools are giving early users back the time to address their most serious security concerns.
By Joanne Cummings, Network World, 12/23/2002

During the month of October, Chris da Silva, network manager at California State University in Hayward, spent 80% to 90% of his time combating network intrusions.

"My overall job here is maintaining the internal campus network, but most of my time then was spent dealing with security," he says. "And that included no-sleep nights."

The overtime was caused by a flood of denial-of-service (DoS) attacks that occurred after da Silva and his staff thwarted some hackers trying to gain access to the network. Luckily for da Silva, late in the month the school began testing IntruVert Networks' IntruShield 2600, an intrusion-prevention appliance that not only detects intrusion attempts but also blocks them. He put the device inline, set it to reset the offending connections and saw the DoS attempts and the resulting network congestion decrease by half. "The change was instantaneous. [IntruShield] shut down all those 'bots' the hackers had hammering on us," he says.

Now da Silva says he spends 50% less time chasing down incidents than he did before installing IntruShield.

The power of one

Intrusion prevention is a new breed of security tool that combines the powers of intrusion-detection systems (IDS), firewall, antivirus and vulnerability assessment wares. The idea is to reduce the false positives that hamper so many of today’s IDS products and to take the next step: blocking intrusions in real time, before they hit the network.

Because the tools are new, they aren’t perfect. Da Silva says false positives can be a problem. "In the default threshold mode for SYNs [where hosts open up connections to other hosts], IntruShield will trigger a false positive if you have a busy mail server with a ton of SYNs in a certain amount of time," he says.

But these tools also can learn the network norm over time, curtailing false positives as a result. "You can set IntruShield to constantly update the activity that’s going on and reset its thresholds," da Silva says. "Then, only when it sees a sudden spike does it consider it an anomaly and block it. It’s more intelligent than a traditional IDS."
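The two threshold modes da Silva describes, a fixed SYN count per interval versus a baseline that the device keeps re-learning, can be illustrated in a few lines. The Python below is an added example written for this article; it is not IntruShield's or IntruVert's code, and the 10-second interval, the per-interval SYN counts and the EWMA parameters (warm-up length, smoothing factor, sigma multiplier, minimum margin) are all constructed assumptions:

```python
"""Static vs. adaptive SYN-rate thresholds (added illustration, not vendor code).

Each value is the number of TCP SYN segments seen from one host in a
10-second interval.  The numbers are constructed, not measured: a busy
mail server sits around 900 SYNs per interval, then two intervals of a
flood arrive before traffic returns to normal.
"""
import math
import statistics

# Constructed sample: nine normal intervals, two flood intervals, one normal.
SAMPLE_SYN_COUNTS = [850, 920, 880, 950, 900, 910, 870, 940, 890, 6200, 6500, 900]


def static_threshold_alerts(syn_counts, threshold):
    """Fixed-threshold mode: alert on every interval whose count exceeds
    the threshold.  Returns the indices of the alerting intervals."""
    return [i for i, count in enumerate(syn_counts) if count > threshold]


class AdaptiveSynDetector:
    """Learns the host's normal SYN rate and alerts only on a sudden spike.

    The first `warmup` intervals seed a mean and variance; after that the
    baseline is tracked with an exponentially weighted moving average
    (EWMA), so the alert line follows gradual changes in load.  The line
    is mean + max(k * stddev, min_margin * mean); the second term keeps a
    very steady host from alerting on trivial jitter when stddev is ~0.
    """

    def __init__(self, warmup=5, alpha=0.2, k=3.0, min_margin=0.25):
        self.warmup = warmup          # intervals used to seed the baseline
        self.alpha = alpha            # EWMA smoothing factor
        self.k = k                    # sigma multiplier for the alert line
        self.min_margin = min_margin  # floor on the margin, as a fraction of mean
        self._seed = []
        self.mean = None
        self.var = None

    def threshold(self):
        """Current alert line, or None while still warming up."""
        if self.mean is None:
            return None
        return self.mean + max(self.k * math.sqrt(self.var),
                               self.min_margin * self.mean)

    def observe(self, count):
        """Feed one interval's SYN count; return True if it is anomalous."""
        if self.mean is None:
            self._seed.append(count)
            if len(self._seed) == self.warmup:
                self.mean = statistics.fmean(self._seed)
                self.var = statistics.pvariance(self._seed)
            return False  # never alert before a baseline exists
        if count > self.threshold():
            # Anomalous: do not fold the spike into the baseline, otherwise
            # a flood would teach the detector that floods are normal.
            return True
        diff = count - self.mean
        self.mean += self.alpha * diff
        self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        return False


def adaptive_alerts(syn_counts, **kwargs):
    """Run the adaptive detector over a series; return alerting indices."""
    det = AdaptiveSynDetector(**kwargs)
    return [i for i, count in enumerate(syn_counts) if det.observe(count)]


if __name__ == "__main__":
    print("static threshold 500 :", static_threshold_alerts(SAMPLE_SYN_COUNTS, 500))
    print("adaptive baseline    :", adaptive_alerts(SAMPLE_SYN_COUNTS))
```

Run as a script, the fixed line at 500 fires on all twelve intervals of the busy mail server, which is exactly the false positive da Silva describes, while the adaptive detector settles on an alert line a little above 1,100 SYNs and fires only on the two flood intervals. Two design points matter in practice: the baseline is frozen while an alert is active so that a flood does not become the new normal, and the warm-up window has to be clean, because a detector seeded during an attack learns the attack as its baseline.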

Intrusion prevention also is more expensive. According to da Silva, a base IntruShield 2600 model, with a real-time detection speed of 600M bit/sec, costs about $34,000, and a 1G bit/sec 4000 model costs about $100,000.
