The functions of the Next-Generation IPS

The Features of a Next-Generation IPS

HansolNexG product-market

The Features of a Next-Generation IPS

 

The Importance of the Next-Generation IPS

Cyber criminals in early days attacked the vulnerability of server or applications performed inside the server as the main targets, so the previous IPS system has evolved mainly as the detection or prevention threats against server.
However, in recent years, threats are being spread to client PC and applications they use as well as server. Therefore, security companies have announced new IPS system optimized for these environmental changes, and they define it as the Next-Generation IPS.

 

The functions of the Next-Generation IPS
INLINE, BUMP-IN-THE-WIRE CONFIGURATION

Provides “fail open” function to maintain previous network connection when the problem of software and hardware occurred

Provides “fail open” function that is available to forward network traffic normally without detecting in case of any failure occurred

STANDARD FIRST-GENERATION IPS CAPABILITIES

Capacity of handling network traffic at wire speed

Capacity of protecting vulnerability and blocking attacks by using signature(Legacy IPS)

APPLICATION AWARENESS AND FULL-STACK VISIBILITY

Application awareness through the network traffic analysis

Adaptation of network security policy on application level

CONTEXT AWARENESS

The analysis of network environment

The information of host deleted or added to network

The location information (country) using source IP address

User analysis

The connection between network traffic and users

Application recognition

CONTENT AWARENESS

File type recognition (ex. pdf, MS office)

Block security threats about file contents

The functions of the Next-Generation IPS

The functions of the Next-Generation IPS

 

Conclusion

Currently, the Next-Generation IPS applies optimized security threat block policy by recognizing the changes of the current network environment and by tracking and analyzing the working process of server or client PC. The repeated process of tracking and analysis blocks continuous security threat from cyber criminals while IPS system is working in the current network environment.

 

 

- Gang-bok Lee, Senior Research Engineer, Technical Research Center -