Organizations seeking to protect their networks from external and internal threats have used a variety of security strategies, including network-based intrusion detection and prevention systems (IDS/IPS). Over the years these systems have evolved from supplying security professionals with information about potential attacks to also reporting on the overall effectiveness of the defenses against those attacks. Today, such information is considered an essential and mandated component of an organization's network security strategy and is regulated and audited. It can also serve as forensic evidence when attackers are prosecuted.
As with all systems technologies, network IDS/IPS trends continue to evolve, affecting organizational data security planning in several ways:
- Critical security and compliance systems should be able to identify, monitor, and inspect the client applications installed on the network.
- Security personnel value ready access to a range of contextual data, including network behavior, user identity, potential attacks, and defense mechanisms.
- Virtual networking environments require visibility into the actual environment and its operations.
- Selection considerations include consolidation benefits, real-world performance metrics, network security requirements, technology refresh cycles, and budgetary constraints.
According to an October 7, 2011 article by the Gartner Group titled “Defining Next-Generation Intrusion Prevention”, there are six critical minimum attributes that next-generation intrusion prevention systems should have:
1. An inline, bump-in-the-wire configuration that does not interrupt network operations.
2. A set of standard first-generation IPS capabilities that support vulnerability- and threat-facing signatures.
3. Application awareness and full-stack visibility that identify applications and enforce network security policy at the network layer.
4. Context awareness that brings in information from outside sources to improve blocking decisions and/or modify the blocking rule sets.
5. Content awareness that inspects and classifies inbound executable files, including Adobe PDF™ and Microsoft Office™ files.
6. An agile engine that supports upgrade paths to integrate new information feeds and new techniques as future threats emerge.
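To make the six attributes concrete, here is an added toy inline inspection engine in Python. It is not code from the article or from Gartner; the signatures, asset inventory, application policy and sample packets are all constructed for illustration. It shows how a vulnerability-facing signature match is escalated or downgraded using asset context, how policy is enforced on the identified application rather than the port, how inbound files are classified by magic bytes, and how new rules can be fed in without changing the engine.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes
    facing: str    # "vulnerability" (targets a weakness) or "threat" (targets known attacker tooling)
    severity: str  # default verdict: "alert" or "block"


# Constructed signature set (attribute 2). A real engine loads thousands from a feed.
SIGNATURES = [
    Signature("http-dir-traversal", b"../../", "vulnerability", "alert"),
    Signature("known-scanner-agent", b"User-Agent: EvilBot/1.0", "threat", "block"),
]

# Constructed asset context (attribute 4): which hosts are exposed to which signature.
ASSET_CONTEXT = {
    "10.0.0.5": {"role": "legacy-web", "exposed_to": {"http-dir-traversal"}},
    "10.0.0.6": {"role": "patched-web", "exposed_to": set()},
}

# Policy keyed by identified application, not by destination port (attribute 3).
APP_POLICY = {"http": "allow", "tls": "allow", "ssh": "deny", "unknown": "allow"}

# Magic bytes for inbound file classification (attribute 5).
FILE_MAGIC = {
    b"%PDF-": "pdf",
    b"\xd0\xcf\x11\xe0": "ms-office-ole",  # legacy .doc/.xls containers
    b"PK\x03\x04": "zip-container",        # OOXML .docx/.xlsx travel inside zip
}


def identify_app(payload: bytes) -> str:
    """Full-stack identification from payload shape rather than port number."""
    if payload.startswith(b"SSH-2.0"):
        return "ssh"
    if payload[:2] == b"\x16\x03":  # TLS record: handshake, version 3.x
        return "tls"
    if any(payload.startswith(m + b" ") for m in (b"GET", b"POST", b"HEAD", b"PUT")):
        return "http"
    return "unknown"


def http_body(payload: bytes) -> bytes:
    head, sep, body = payload.partition(b"\r\n\r\n")
    return body if sep else b""


def classify_content(body: bytes) -> Optional[str]:
    for magic, kind in FILE_MAGIC.items():
        if body.startswith(magic):
            return kind
    return None


def inspect(pkt: Packet, signatures=SIGNATURES) -> dict:
    """Inline decision (attribute 1): returns forward/block plus the reasons for the verdict.
    Passing a different signature list stands in for a new rule feed (attribute 6)."""
    action, reasons = "forward", []
    app = identify_app(pkt.payload)
    if APP_POLICY.get(app, "allow") == "deny":
        action = "block"
        reasons.append(f"app {app} denied by policy on port {pkt.dport}")

    ctx = ASSET_CONTEXT.get(pkt.dst, {"role": "unknown", "exposed_to": set()})
    for sig in signatures:
        if sig.pattern not in pkt.payload:
            continue
        verdict = sig.severity
        if sig.facing == "vulnerability":
            # Context-aware: block only when the target is actually exposed;
            # otherwise alert so analysts still see the attempt.
            verdict = "block" if sig.name in ctx["exposed_to"] else "alert"
        reasons.append(f"sig {sig.name} -> {verdict} (target role {ctx['role']})")
        if verdict == "block":
            action = "block"

    kind = classify_content(http_body(pkt.payload)) if app == "http" else None
    if kind:
        reasons.append(f"inbound {kind} queued for file inspection")
    return {"action": action, "app": app, "file_type": kind, "reasons": reasons}


if __name__ == "__main__":
    # Constructed traffic: same probe against an exposed host and a patched host.
    probe = b"GET /../../secret.txt HTTP/1.1\r\nHost: web\r\n\r\n"
    for dst in ("10.0.0.5", "10.0.0.6"):
        print(dst, inspect(Packet("203.0.113.9", dst, 80, probe)))
```

Two design points worth noting: the vulnerability-facing rule never drops traffic purely on pattern match, because the same string aimed at a patched host is noise that still deserves a log entry, and the application policy fires on what the payload looks like, so a non-HTTP protocol tunnelled over port 443 is caught without a port-specific rule.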
Organizational security teams are responsible for addressing the diverse functional requirements within and throughout the network. Additionally, security personnel must manage and balance different technology life cycles and acquisition schedules. It is vitally important to the entire organization that the implemented network intrusion prevention and detection systems keep pace with the ever-increasing technological and security threats faced today by enterprises of all sizes.
Categories: Applications, Business Processes, Systems Integration