Technology upgrades and industry security regulations are pushing more small businesses to use both network and host-based intrusion prevention systems.
Here’s a quick network security quiz: When it comes to detecting and stopping IT threats, is it better to position intrusion prevention systems:
For small businesses, the correct answer is “All of the above,” according to IT security specialists, who say more small businesses are figuring that out and installing IPS accordingly.
Network intrusion prevention systems (IPS) are hardware appliances that sit on a company’s intranet to inspect incoming Internet traffic and block anything malicious, be it a worm, virus, or spyware. IPS can also block attacks that originate inside an intranet. IPS complements firewalls, anti-virus software, and other security measures small businesses take to keep their networks safe, says Elisa Lippincott, a spokeswoman for TippingPoint, an Austin, Texas, IPS maker. “We have some customers using our box to protect their firewall,” Lippincott says.
By contrast, host IPS works at the device level, doing its job from inside a server, desktop or other machine attached to a network.
Although large companies have long relied on IPS for network security, more small businesses are starting to use it. They’re being propelled by technical upgrades that prevent the false alarms that previously dogged the appliances, as well as other improvements, such as behavior-based IPS that looks for traffic patterns that could signal an attack, according to security industry sources.
Small and mid-sized businesses are also being pushed to use IPS by industry regulations that require it, such as the PCI Security Standards Council’s Data Security Standard, a set of security measures that any company that processes credit card payments has to follow, according to security industry sources. An updated version of the council’s standard is expected to debut this month. “We’ve seen tremendous interest down market driven by PCI” standards, says Michele Perry, chief marketing officer at Sourcefire, a Columbia, Md., network IPS vendor.
Depending on the size of the business, small companies either buy and set up IPS themselves or subscribe to it as an add-on from their firewall vendor. They can also purchase it from a regional or national managed security services provider (MSSP) such as Clone Systems, or from a business broadband carrier such as Verizon Business.
Network IPS and host IPS
Whichever way they go, small businesses should consider using both network and host IPS. Network IPS should come first because it casts the widest net, says Greg Young, research vice president with Gartner, the Stamford, Conn., technology researcher. With network IPS, if a virus is detected, the system will block traffic long enough to allow IT staff to make sure anti-virus software is up to date on individual workstations, says Lippincott, the TippingPoint spokeswoman. Another advantage of network IPS: since it’s installed on the network, it doesn’t slow down individual devices’ computing speed the way host-based IPS could, Lippincott says.
However, host IPS is a smart option for machines where critical information is stored, or for devices that have to reside outside a company’s firewall, such as servers used to handle online credit-card transactions. Host IPS is the only way to protect devices like laptops that leave the network, says Sean Martin, a vice president at SkyRecon Systems, a French maker of host IPS solutions. Host IPS also makes sense in situations where a company can’t put new devices on a network but can change what’s on a server, Gartner’s Young says. But put it on the network first, he says. “Threats come through the network first so stop them there first.”
IPS prices range from free open source products such as Snort, which has been downloaded 3 million times, to tens of thousands of dollars for applications for mid-sized businesses running multiple Internet traffic-intensive applications for hundreds of users. Or companies can pay by the month or annually for IPS from an MSSP or other third party.
Whether it’s network-based or host-based, small businesses need IPS, maybe even more than larger companies, Young says. “Worms don’t discriminate.”
Sidebar: Intrusion Prevention Systems for Small Businesses
The following vendors offer network or host IPS for small businesses as stand-alone products or part of a multifunction security solution: