News

Analysts say 'cloudy' forecast is OK

Michael Mimoso
By
Published: 06 Jun 2005 1:00

WASHINGTON, D.C. -- The network security forecast is cloudy, and that's not a bad thing if you're to believe what analysts are saying at this week's Gartner IT Security Summit.

Gartner predicts that by 2008, carriers like AT&T, Verizon, MCI and others will operationalize security functions like firewalls and intrusion detection into routers and switches, leaving enterprises to concentrate on identity and access management and other security duties away from the perimeter. By extending security to the Internet cloud, denial-of-service attacks, for example, never reach the gateway.

"We would take what an MSSP does and mesh that with our infrastructure so that the service provider and carrier becomes one," said AT&T CISO Ed Amoroso.

CISOs, meanwhile, will still have network responsibilities like setting policy and aligning policy with an enterprise business model. They'll be alleviated of costly signature updates and license renewals.

"Carriers and ISPs will provides these services for you," Gartner research director John Pescatore said.

While this boils down to essentially outsourcing these services to carriers, enterprises may be skeptical about doing so until auditors are satisfied.

What to look for when buying an Intrusion Prevention System

Gartner research director Greg Young identified seven selection criteria IT managers should use when purchasing an IPS.   

 

--Performance/latency

--Updates (quality of   signatures)

--Price

--Inclusion of next-generation firewall

--Management and reporting capability

--Is it IPS, and not just IDS inline?

--Security functionality and how it behaves if there's a failure

"I could see some [savings] with these services, but they'd have to be secure by definition," said Neil Delaney, IT infrastructure manager with NJ Manufacturers of New Jersey. "The SLA with the carrier would have to say no DoS attacks, no scanning, no RPC viruses getting through. And let's say I push all this to the cloud, does that mean I don't have a firewall on my side anymore? What are my operational best practices then? Are these services reliable, or do I still have to have my own security as a best practice?"

In the meantime, Gartner cautions that it may be more crucial than ever to establish secure zones between IT systems and the Internet. Attacks are maturing beyond broad-based worms, and now target specific applications and business processes putting additional perimeter pressure on managers to deploy tools like next-generation firewalls that combine IPS and a Web application firewall, in addition to traditional IDS and IPS defenses.

"You're not going to see mass signatures that protect anymore," Pescatore said.

Next generation firewalls that do deep-packet inspections from vendors like Juniper Networks, Check Point and Fortinet employ a heuristics engine that drops all traffic that is not expressly permitted. Most enterprises, however, refresh their firewall purchases on a three- to five-year cycle and that makes it challenging to synch new features.

"Having a secure perimeter and more zoning around systems is more important than ever," Pescatore said.

Pescatore predicted that by the end of 2006, 75% of network IPS will also check endpoint security and do anomaly detection. Gateway and antispam protection will also be included in vendor RFPs for all-in-one security platforms. Meantime, 10GB standalone IPS appliances will also be available by the end of next year.

This article originally appeared on SearchSecurity.com.

Read more on IT risk management