
Intrusion prevention to highlight RSA show

By Ellen Messmer, Network World
April 14, 2003 12:12 AM ET

SAN FRANCISCO - Attendees at this week's RSA Conference will get a good look at an emerging cluster of products designed to identify attacks and block nefarious traffic before it can invade corporate networks.

About a dozen vendors, including Internet Security Systems (ISS) and IntruVert Networks, will introduce intrusion-prevention systems (IPS) that combine the intelligence of intrusion-detection systems (IDS) and attributes of firewalls.

With the market so young, vendors hope these new IPS wares will help win over business customers who are worried about the accuracy and performance of new technology, and nervous about the reliability of running antivirus and content-filtering on a single appliance.

ISS this week will seek to ease those fears with IPS gear called Proventia.

By the end of the summer, ISS plans to have two in-line IPS appliances that will run at 800M bit/sec and gigabit speed, respectively, to block harmful traffic at the network perimeter or in the data center.

"Customers will be able to choose what actions to take, to block or detect," says Tim McCormack, ISS vice president of marketing. ISS has not built hardware appliances until now, and the Proventia line will be appliance-based for speed and ease of deployment, he says.

ISS will showcase four models of its traditional IDS, RealSecure, in the Proventia appliance form. Model A201, at $10,000, is a 200M bit/sec IDS; Model A604, at $28,000, reaches 600M bit/sec; and Model A1204, at $50,000, attains 1.2G bit/sec, the company says. These appliances are designed for use in load-balancing and full-duplex environments.

Some see the inline IPS as the next-generation firewall, so perhaps it should be no surprise that by year-end ISS will introduce a Proventia IPS appliance intended to replace the firewall, McCormack says. The appliance would combine the firewall's packet-filtering and stateful-inspection capabilities. It also would combine antivirus, spam control and content filtering. For antivirus and spam filtering, ISS will partner with other vendors, which it hasn't disclosed.

With its strategy, ISS now goes head to head with Network Associates, the antivirus and security appliance vendor that was once an ally. Network Associates dropped ISS as a technology partner earlier this year and bought two security companies, IntruVert and Entercept Technologies, which sell network-based and host-based IPS products, respectively.

IntruVert this week will roll out the latest version of its IntruShield IDS System 1.5. The in-line appliance now supports a stateful failover mode that makes it possible to link two IntruVert appliances so that the second will take over if the first fails, says Raj Dhingra, vice president of marketing.

IntruShield, which starts at $35,000, can be used in mixed mode to passively monitor and actively block traffic so customers don't have to take an all-or-nothing approach on blocking. This version also adds a way to analyze whether or not an attack was successful against a target machine.
