
What is the Difference Between IPS, IDS and Internal Security?

With the rapid emergence of internal threats, and of threats that easily bypass traditional perimeter defenses, organizations must think about security beyond the perimeter. To meet these demands many organizations have looked to Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS). While IPS and IDS are important components of a layered security deployment, products falling under these categories only partially address the unique requirements of internal networks.

IPS and IDS were originally designed to address requirements that most legacy firewalls and traditional perimeter defense systems did not meet. IDS solutions typically monitor traffic and report potential intrusions after the fact, while IPS solutions sit inline and focus on identifying and blocking attack traffic. IPSs inherited from their IDS predecessors both a reliance on reactive signatures to detect attacks and an orientation toward perimeter security. While both systems play a critical role in preventing external attacks, neither is prepared to completely protect an organization from internal threats.

IPS and IDS are not designed to meet the specific needs of internal security:

  • Neither can secure the internal network from the destructive spread of worms originating from within, such as a previously infected laptop that connects directly to the internal network and scans its neighbors
  • Host-based IDS and IPS systems cannot provide the security zone segmentation and quarantine functions critical to preventing the spread of worms and attacks within the network
  • The attack protection capabilities of IPS and IDS are limited to the specific devices on which the products are installed
  • Both IDS and IPS rely primarily on signature files, which necessarily lag behind new attacks, or on other reactive mechanisms, and so offer only limited real-time protection

To protect a network from internal security threats, an organization must deploy a dedicated internal security gateway. InterSpect, the world's first internal security gateway from Check Point, is more than an IPS or IDS because it addresses the unique requirements of true internal network security:

  • Protects against application level threats that originate inside the traditional boundary
  • Includes network and application-level protection for internal networks as well as zone segmentation and the ability to contain threats through quarantine
  • Enforces endpoint security policies
  • Provides proactive defense against vulnerabilities before they are exploited
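The contrast the page draws, between a signature engine that can only flag traffic it has already seen and an internal gateway that segments zones and quarantines a host by its behaviour, is shown below as an added example. It is not Check Point or InterSpect code; the zone layout, segmentation policy, signature bytes, flow records and fan-out threshold are all constructed for the illustration. An infected laptop sweeps the server zone on port 445 with a worm variant no signature knows: the signature check returns nothing, while the fan-out check flags the laptop and the gateway moves it into quarantine, after which its traffic is dropped and the clean laptop's traffic still passes.

```python
"""Signature matching vs. behavioural spread detection with zone quarantine.

Added illustration; not Check Point or InterSpect code. Every zone, policy
entry, signature, flow record and threshold below is constructed.
"""
import ipaddress
from collections import defaultdict

# Hypothetical zone layout (assumption, not taken from the page).
ZONES = {
    "laptops": ipaddress.ip_network("10.1.0.0/16"),
    "servers": ipaddress.ip_network("10.2.0.0/16"),
}
# Segmentation policy: (src_zone, dst_zone, dst_port) tuples that are allowed.
# Anything not listed, including server -> laptop, is blocked.
POLICY = {
    ("laptops", "servers", 443),
    ("laptops", "servers", 445),
}
# Reactive signature set: byte pattern of a *known* worm (constructed).
SIGNATURES = {"known-worm": b"\x90\x90\xe8"}

# Constructed flow records: (seconds, src_ip, dst_ip, dst_port, first payload bytes)
# A clean laptop talking to one server over TLS every few seconds.
FLOWS = [(t, "10.1.0.7", "10.2.0.10", 443, b"\x16\x03\x01") for t in range(0, 60, 6)]
# An infected laptop sweeping 40 servers on 445 with a variant no signature matches.
FLOWS += [(t, "10.1.0.5", f"10.2.0.{n}", 445, b"\xfeSMB")
          for n, t in zip(range(1, 41), range(100, 140))]
FLOWS.sort()


def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def signature_hits(flows, signatures=SIGNATURES):
    """Reactive detection: only payloads containing a known pattern are flagged."""
    hits = set()
    for _, src, _, _, payload in flows:
        for name, pattern in signatures.items():
            if pattern in payload:
                hits.add((src, name))
    return hits


def fanout_detect(flows, window=30, threshold=20):
    """Behavioural detection: a host that reaches more than `threshold` distinct
    destinations on one port within `window` seconds looks like a scanning
    worm, whatever bytes it carries. Returns the set of offending source IPs."""
    by_key = defaultdict(list)            # (src, port) -> [(t, dst), ...]
    for t, src, dst, port, _ in flows:
        by_key[(src, port)].append((t, dst))
    flagged = set()
    for (src, _port), events in by_key.items():
        events.sort()
        for i, (t_end, _) in enumerate(events):
            recent = {dst for t, dst in events[: i + 1] if t >= t_end - window}
            if len(recent) > threshold:
                flagged.add(src)
                break
    return flagged


class Gateway:
    """Internal gateway: enforces zone segmentation and a quarantine list."""

    def __init__(self, policy=POLICY):
        self.policy = policy
        self.quarantined = set()

    def quarantine(self, ip):
        self.quarantined.add(ip)

    def decide(self, src, dst, port):
        """Drop everything from a quarantined host; otherwise allow only what
        the segmentation policy permits between the two zones."""
        if src in self.quarantined:
            return "block"
        if (zone_of(src), zone_of(dst), port) in self.policy:
            return "allow"
        return "block"


def run(flows=FLOWS):
    """Run both detectors over the flows and show the resulting enforcement."""
    gw = Gateway()
    sig = signature_hits(flows)
    behav = fanout_detect(flows)
    for host in behav:
        gw.quarantine(host)
    decisions = {
        "infected_to_server": gw.decide("10.1.0.5", "10.2.0.9", 445),
        "clean_to_server": gw.decide("10.1.0.7", "10.2.0.10", 443),
        "server_to_laptop": gw.decide("10.2.0.10", "10.1.0.7", 445),
    }
    return {"signature": sig, "behaviour": behav, "decisions": decisions}


if __name__ == "__main__":
    for key, value in run().items():
        print(key, value)
```

The threshold and window are the tuning knobs a real gateway exposes; set too low they quarantine a backup server that legitimately fans out, set too high they let a slow worm through, which is why the page's "zone segmentation" matters independently: even an undetected host can only reach what the policy allows.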