
Bring on the Internal Security Gateway

Just a few years ago, deploying an antivirus solution and a next-generation perimeter firewall would have been enough to let your IT security staff sleep at night, but those days are long gone. Antivirus solutions are point products that block known viruses; they are not designed to even recognize application-layer worms.

Firewalls will continue to be critical for network security, but they do not address threats that bypass the perimeter, any more than a 10-foot wall would stop a fly from flying over it or a mole from burrowing under it. Firewalls are critical and the first line of a layered security defense, but what do you do when the threats are already inside your perimeter defenses? Today’s threat environment is about threats that emerge from inside the network, either through penetration of the perimeter or, more commonly, by introduction from a source that directly accesses the inside of the network. How many laptop users in your organization connect from home or from external locations such as airports, cafés and other public hotspots that are beyond your company’s perimeter line of defense? These mobile laptops can become infected and spread malicious code inside the LAN; their remote-access connections represent an authorized tunnel right into the network.

How many contractors, visitors, partners or temporary workers connect their laptops to your internal networks? Do you know what is on those laptops? In any of these scenarios, these laptops have become potential carriers of malicious code and direct attacks that plug right into your internal network.

The first development to address this area was the intrusion-detection system (IDS), an array of servers and sensors deployed across a network to watch for and report on network traffic. An IDS is designed to be strictly passive, however: at best, it alerts IT managers about potential threats based on signatures, but it is incapable of actually responding. Furthermore, IDS solutions generate a large number of alerts and are inherently prone to an unacceptably high rate of false positives.

Source: Bring on the security gateway, Tamir Hardof, Communications News, September 2005