The future of intrusion prevention technology

Source: Internet
Author: User
Tags: firewall

If divide and conquer is a successful problem-solving strategy, then intrusion defense is still at the dividing stage. Most networks use firewalls, many use IDS along with anti-virus and anti-spam software, and some networks use IPS. But no vendor combines these technologies into a single, centrally managed whole that is easier to use.

Viewed as a process, most network managers have a large number of effective control points in their networks, at both the perimeter and the core. However, as any engineer will tell you, a network that has only control points is not a controlled network. A controlled network needs measurement points, control points, and feedback loops to ensure that every point operates within limits. Of course, data networks are different from oil pipeline networks, yet in many ways they are similar. We have security systems that we can control, but we don't know what to control or why we need to control it.

One argument made for Unified Threat Management (UTM) firewalls is better-integrated management, but the answer is not to concentrate every function in a single box. In a small network, a single UTM firewall is the only defensive point, and the advantages of a single management point are outstanding. However, even as UTM vendors try to turn security into a one-stop shop, they will readily admit that UTM firewalls do not cover all the bases. If your UTM firewall has a virus scanner, does that mean you don't need antivirus software on the desktop? A UTM firewall can also be a step backward in solving the problem: sure, you can now manage a single point, but what do you do if you have two?

Essential knowledge

Networks with many distributed control points can be attributed to one cause: in the past, we hardly needed knowledge of the network itself. But today, most networks are overbuilt by an order of magnitude or two, and this trend continues. Watch the growth of small wiring-closet switches with gigabit ports over the next 12 months, and you'll get further evidence.

It is much easier to build a network with 10 or more times the required capacity than to build one that just meets the requirements. Networking vendors have followed this trend wholeheartedly and have provided significant economic incentives. In their minds, when a 10/100/1000 switch sells for only hundreds of dollars, who will install a 48-port 10/100 switch in the wiring closet?

As the price of network equipment has dropped dramatically, we tend to buy a lot of fast, inexpensive hardware without installing, or even asking for, more measurement and management tools. This trend will continue as the price gap grows between basic components, such as switches and routers, and increasingly sophisticated management and control products such as IDS and security information management (SIM). The cost of people's time is a factor as well: an automatic switch costs 1,000 dollars and takes a network manager some time to install, but once installed it runs at little cost. So the price gap will be even greater. Install an IDS on the network, and you need to spend several hours a week making sure the device is working well. This is a huge price to pay. The result is a "black box" network: one with a large number of connection points and no visibility into its operation.

The result of building these black-box networks is that most of the time they run well, except when they don't. As unwanted network interruptions become more frequent, the consequences of network outages become more and more serious. IT performance, and even Internet connectivity, are ever more tightly integrated with key operations, and the need for rock-solid network performance becomes critical. If you outsource CRM to Salesforce.com but can't reach the site, how will you sell? If you move to a paperless material requirements planning (MRP) system, what do you do when a pile of material shows up at the loading dock and the system is unavailable?

This reliance on the network also demands a certain amount of knowledge, especially knowledge of the network. Knowing the specifics of our network, we can prevent problems and solve them more quickly when they arise.
