* Enterprise security architectures evolve

A more robust kind of firewall than we are accustomed to might wind up serving as a comprehensive security overlay system for enterprises. We mentioned this last week when describing iPolicy’s recently announced enterprise Layer 3 – 7 “intrusion prevention firewall.”

IPolicy’s device, which got its start in the carrier community, runs several security applications but needs to inspect a packet only once to enforce the rules for each. It can reportedly also correlate information to identify multiple risks in a single event.

The iPolicy device reflects Gartner’s June 2003 prediction, which we wrote about last fall, that traditional firewalls would be supplanted by deep-inspection firewalls combining network- and application-level filtering with anti-virus protection.

“Intrusion prevention systems and application-specific firewalls came about only because of failures in firewalls,” said Richard Stiennon, vice president of security research at Gartner (and the analyst who made the prediction) in an interview last week. Stiennon, who estimates that 98% of all businesses have firewalls, called the iPolicy system “network security nirvana.”

He cites CheckPoint and NetScreen, which have introduced intrusion prevention devices and are moving toward integrating them with their firewalls, as evidence that more new-generation firewalls are coming. Cisco, at this juncture, remains oriented toward sprinkling different types of security products throughout the network. On one hand, this seems more complex and expensive.
On the other, though, there remains a single-point-of-failure consideration with the all-in-one approach.

Additional iPolicy architecture details:

* A Global Security Interface serves as a management interface into the centralized Global Security Administrator (GSA), a server software-based security policy “engine.”
* The GSA sets and enforces rules for up to 1,000 intrusion prevention firewalls, called IP Enforcers.
* The GSA links to Local Security Supervisors (LSS) and the server software at your various sites. You can use LSSs to customize rules at each site, if appropriate.
* The LSSs connect to either the IP Enforcer 3400 (400M bit/sec, $18,000 to $20,000) or IP Enforcer 3100 (100M bit/sec, $8,000 to $10,000). These devices sit between your WAN access router and internal network, connecting to the “DMZ” of Web and authentication servers in the middle.