INTRUSION PREVENTION SYSTEMS - THE VALUE PROPOSITION
The Internet worms of 2003, namely SQL Slammer, MS Blaster and Nachi, showed that Intrusion Detection Systems (IDS) cannot effectively protect against unknown or zero-day attacks. The speed at which these worms propagated, combined with the ease with which they passed straight through IDS defences, proved convincingly that a technology which only raises alerts was of no help to organisations relying on IDS to protect their networks.
Intrusion Detection technology is still marketed strongly by some security vendors. The main reason is that these vendors are still unable to offer Intrusion Prevention Systems (IPS), so many have taken to renaming their IDS products "Intrusion Protection Systems".

In 2003 IPS was a brand new technology. Leading IPS vendors were able to show that their Intrusion Prevention Systems stopped SQL Slammer at the door: users of IPS technology were unaffected by the worm. Using the default configurations available in July 2003, McAfee Security's IPS was also able to stop the MS Blaster worm. The vulnerability exploited by MS Blaster and Nachi was only published by Microsoft (bulletin MS03-026) on 16 July 2003; MS Blaster was released in the wild on 11 August 2003, and Nachi followed shortly afterwards. Their Denial of Service (DoS) activity brought down networks all over the world, and no anti-virus software or IDS was able to stop them. IPS stopped the attacks because its patented anomaly scanner recognised the malformed traffic and did not allow the offending packets to enter the networks it protected.

IPS is now the standard technology giving organisations a critical layer of protection during the window of vulnerability between the appearance of a new exploit and the availability of a patch. It has reversed the "patch fatigue" suffered by many organisations in recent years and allowed security managers and administrators to regain control of network security.
Limitations of Intrusion Detection or Protection Systems
These IDS products still only perform detection. They are ineffective against the blended threats and polymorphic malware found in the wild today, because they rely on signature-based technology alone and do not sit inline. An IDS can therefore only recognise known attacks, and even then it cannot stop the offending packet itself: by the time the signature fires the packet has already been forwarded, so all the sensor can do is send a TCP reset after the fact or ask a firewall or router to block the connection. Without an updated signature, an IDS is powerless during the critical "window of vulnerability" between the release of a new threat and the time when security vendors are able to develop new signatures and deploy them to their customers' IDS sensors.
Benefits of Intrusion Prevention Systems (IPS)
Intrusion Prevention System (IPS) technology has been identified by Gartner and IDC as the replacement for IDS. The strength of IPS is that it uses both signature-based detection and anomaly-based detection, so it can prevent both known and unknown (zero-day) attacks. An IPS sensor also sits inline and can be deployed across multiple LAN segments. It is transparent on the network and can drop suspicious packets as they enter a network or subnet, rather than merely report them. For this reason IPS is a valuable proactive security tool and a critical layer in modern converged networks.
Network Intrusion Prevention Systems (NIPS)
Network IPS sensors work inline to detect intrusion attempts proactively, using both signatures (reactive) and behavioural anomaly detection (proactive). The devices are hardware-based appliances with extremely high throughput, measured in multiple gigabits per second. If an incoming packet breaks one of the behaviour rules, for example because it is designed to cause a buffer overflow on a web server, the packet is simply dropped by the IPS and never reaches the server. Network Security Platform by McAfee Security is the world leader in network-based intrusion prevention, offering gigabit throughput and real-time protection with its range of inline managed appliances.
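As an added illustration (not code from McAfee, TippingPoint, Juniper or this page), the following Python sketches the decision logic the preceding sections describe: a signature check for a known attack, behaviour rules for traffic that breaks protocol limits, and the difference between an inline sensor that drops the packet and a passive sensor that can only alert after the packet has passed. The signature, the thresholds and the sample packets are assumptions constructed for the demo, not a vendor's rule set or captured traffic.

```python
"""Toy inline inspection engine: signature + anomaly detection, IPS vs IDS mode.

Added example, not McAfee / TippingPoint / Juniper code. Signatures, thresholds
and sample packets are assumptions constructed for this demo.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str        # "udp" or "tcp"
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class Verdict:
    action: str             # "PASS", "DROP" (inline IPS) or "ALERT" (passive IDS)
    reason: Optional[str]   # rule that fired, None when the packet is clean


# --- Signature detection (reactive): byte patterns of *known* attacks. --------
# Assumed pattern. SQL Slammer sent a 376-byte UDP datagram to the SQL Server
# Resolution Service (UDP/1434) beginning with 0x04 and a long run of 0x01.
SIGNATURES = [
    ("udp", 1434, re.compile(rb"^\x04\x01{50,}"), "known: SQL Slammer SSRS overflow"),
]


def signature_match(pkt: Packet) -> Optional[str]:
    """Name of the first known-attack signature matching the packet, else None."""
    for proto, port, pattern, name in SIGNATURES:
        if pkt.proto == proto and pkt.dst_port == port and pattern.search(pkt.payload):
            return name
    return None


# --- Anomaly detection (proactive): protocol/behaviour limits an exploit has to
# break even when no signature exists yet. Thresholds are assumptions.
MAX_SSRS_REQUEST = 128          # legitimate SSRS requests are a few bytes long
MAX_HTTP_REQUEST_LINE = 2048    # a longer "GET <uri> HTTP/1.1" smells like an overflow
REPEATED_BYTE_RUN = re.compile(rb"(.)\1{99,}", re.DOTALL)   # 100+ identical bytes


def anomaly_match(pkt: Packet) -> Optional[str]:
    """Description of the first behaviour rule the packet breaks, else None."""
    if pkt.proto == "udp" and pkt.dst_port == 1434 and len(pkt.payload) > MAX_SSRS_REQUEST:
        return f"anomaly: SSRS request of {len(pkt.payload)} bytes exceeds {MAX_SSRS_REQUEST}"
    if pkt.proto == "tcp" and pkt.dst_port == 80:
        request_line = pkt.payload.split(b"\r\n", 1)[0]
        if len(request_line) > MAX_HTTP_REQUEST_LINE:
            return f"anomaly: HTTP request line of {len(request_line)} bytes (web server overflow attempt)"
    if REPEATED_BYTE_RUN.search(pkt.payload):
        return "anomaly: 100+ identical consecutive bytes (NOP sled / overflow filler)"
    return None


def inspect(pkt: Packet, inline: bool = True) -> Verdict:
    """Classify one packet.

    inline=True  models an IPS sensor: an offending packet is dropped here and never
                 reaches the host behind the sensor.
    inline=False models a passive IDS: the same rule fires, but the packet has already
                 been forwarded, so the sensor can only alert (and at best ask a
                 firewall or router for a TCP reset afterwards).
    """
    reason = signature_match(pkt) or anomaly_match(pkt)
    if reason is None:
        return Verdict("PASS", None)
    return Verdict("DROP" if inline else "ALERT", reason)


# --- Constructed sample traffic (not captured data). ---------------------------
SAMPLES = {
    "ssrs_ping": Packet("udp", 1434, b"\x02"),
    "slammer_like": Packet("udp", 1434, b"\x04" + b"\x01" * 375),
    # Same overflow, different filler: no signature hit, caught by the length rule.
    "slammer_variant": Packet("udp", 1434, b"\x04" + bytes(range(256)) * 2),
    "http_ok": Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "http_overflow": Packet("tcp", 80, b"GET /" + b"A" * 4096 + b" HTTP/1.1\r\nHost: x\r\n\r\n"),
}


def run_all(inline: bool = True) -> dict:
    """Verdict for every sample packet, keyed by sample name."""
    return {name: inspect(pkt, inline) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for mode in (True, False):
        print("inline IPS" if mode else "passive IDS")
        for name, verdict in run_all(mode).items():
            print(f"  {name:16} {verdict.action:5} {verdict.reason or ''}")
```

Running it shows the Slammer-like datagram caught by the signature, the variant with a different filler byte caught only by the length rule (the zero-day case the text describes), and the over-long HTTP request line dropped as a web-server overflow attempt; in passive mode every one of those becomes an alert on a packet that has already been delivered. A real sensor does this in hardware at line rate; the Python only shows the ordering of the checks.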
DRS provides industry leading Network IPS Solutions from McAfee, HP Tipping Point and Juniper Networks.
Host Intrusion Prevention Systems (HIPS)
McAfee® HIPS is deployed on a server to provide real-time detection and prevention of network intrusions against enterprise and government networks. The HIPS architecture integrates patented signature, anomaly and Denial of Service (DoS) analysis techniques, enabling accurate attack detection and prevention on the endpoint in real time.
- HIPS combines several core technologies to protect enterprise servers. Using a distributed architecture, HIPS agents are installed on each server in the enterprise. The agents intercept system calls to the operating system and block those that would result in malicious behaviour. For each call, HIPS determines, among other things, the process making the call, the user making the call, the resource being accessed and the user's permissions for that resource. Using this information, the call is matched against the appropriate behavioural rules and known attack signatures.
- HIPS then blocks calls to the OS or application that attempt malicious behaviour or that match a specific attack signature. All preventive activity is logged to the management console for review and reporting.
- The policy database ships with a fully configured default template that allows rapid deployment. The policy can be customised extensively, and tuning it allows false positives to be virtually eliminated.
- Agents are deployed per server and are controlled and updated via either the Entercept Management System or ePolicy Orchestrator. Agents are completely self-contained protective units and do not rely on the management system to function, so protection continues even if the management server is unreachable. This approach improves both reliability and security.
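The bullets above describe a pipeline: intercept a system call, work out who is calling and what is being touched, match against behaviour rules and attack signatures, block and log. The Python below is an added toy version of that pipeline (not McAfee Entercept code); the rules, paths, the signature entry and the sample events are assumptions constructed for the demo.

```python
"""Toy host-intrusion-prevention agent: intercepted call -> context -> rules -> block + log.

Added example, not McAfee Entercept code. Rules, paths and sample events are
assumptions constructed for this demo.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SyscallEvent:
    """What a kernel-level agent knows about one intercepted system call."""
    syscall: str      # "open_write", "execve", ...
    process: str      # image name of the caller
    user: str         # account the process runs as
    resource: str     # file, program or other object the call targets
    os_permits: bool  # the operating system's own permission answer for (user, resource)


@dataclass(frozen=True)
class Decision:
    action: str            # "ALLOW" or "BLOCK"
    rule: Optional[str]    # rule or signature that blocked, None when allowed


Rule = Callable[[SyscallEvent], Optional[str]]


def basename(path: str) -> str:
    """Last path component, tolerating Windows and POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


# --- Behavioural rules (assumed policy): each returns its name when the call is malicious.
SHELLS = {"sh", "bash", "cmd.exe", "tftp.exe"}
WEB_WRITABLE = ("/var/www/", "/var/log/httpd/")
ACCOUNT_DB = {"/etc/passwd", "/etc/shadow"}
ACCOUNT_TOOLS = {"passwd", "useradd", "usermod", "chpasswd"}


def web_server_spawns_shell(ev: SyscallEvent) -> Optional[str]:
    # A web server never legitimately executes a shell; this is how most
    # remote-code-execution payloads get their foothold, known or not.
    if ev.syscall == "execve" and ev.process == "httpd" and basename(ev.resource) in SHELLS:
        return "web-server-spawns-shell"
    return None


def web_server_writes_outside_docroot(ev: SyscallEvent) -> Optional[str]:
    if ev.syscall == "open_write" and ev.process == "httpd" and not ev.resource.startswith(WEB_WRITABLE):
        return "web-server-writes-outside-docroot"
    return None


def account_db_write_by_unexpected_process(ev: SyscallEvent) -> Optional[str]:
    # Even root may only change the account database through the tools meant for it.
    if ev.syscall == "open_write" and ev.resource in ACCOUNT_DB and ev.process not in ACCOUNT_TOOLS:
        return "account-db-write-by-unexpected-process"
    return None


# --- Attack signatures (reactive): artefacts of known attacks. Assumed entry;
# MS Blaster copied itself to %WinDir%\system32\msblast.exe.
KNOWN_PAYLOAD_FILES = {"msblast.exe": "known: MS Blaster payload file"}


def signature_match(ev: SyscallEvent) -> Optional[str]:
    return KNOWN_PAYLOAD_FILES.get(basename(ev.resource))


class Agent:
    """Self-contained per-host agent: decides locally and keeps its own log, so it
    keeps protecting even when the management console is unreachable."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.log: List[str] = []

    def handle(self, ev: SyscallEvent) -> Decision:
        reason = None
        for rule in self.rules:                 # behaviour rules first (unknown attacks)
            reason = rule(ev)
            if reason:
                break
        if reason is None:
            reason = signature_match(ev)        # then known-attack signatures
        if reason is None and not ev.os_permits:
            reason = "os-permission-denied"     # record what the OS would refuse anyway
        if reason is None:
            return Decision("ALLOW", None)
        self.log.append(f"BLOCK {ev.process} as {ev.user}: {ev.syscall} {ev.resource} [{reason}]")
        return Decision("BLOCK", reason)


# --- Constructed sample events (not real telemetry). ---------------------------
SAMPLES: Dict[str, SyscallEvent] = {
    "upload_in_docroot": SyscallEvent("open_write", "httpd", "www-data", "/var/www/html/uploads/cat.jpg", True),
    "rce_spawns_shell": SyscallEvent("execve", "httpd", "www-data", "/bin/sh", True),
    "webroot_escape": SyscallEvent("open_write", "httpd", "www-data", "/tmp/.backdoor", True),
    "passwd_tool": SyscallEvent("open_write", "passwd", "root", "/etc/shadow", True),
    "editor_on_shadow": SyscallEvent("open_write", "vi", "root", "/etc/shadow", True),
    "blaster_drop": SyscallEvent("open_write", "svchost.exe", "SYSTEM", r"C:\WINDOWS\system32\msblast.exe", True),
    "os_denied": SyscallEvent("open_write", "cp", "backup", "/root/.ssh/authorized_keys", False),
}


def run_samples() -> Tuple[Dict[str, Decision], List[str]]:
    """Decisions for every sample event plus the agent's log of blocked calls."""
    agent = Agent([web_server_spawns_shell, web_server_writes_outside_docroot,
                   account_db_write_by_unexpected_process])
    decisions = {name: agent.handle(ev) for name, ev in SAMPLES.items()}
    return decisions, agent.log


if __name__ == "__main__":
    decisions, log = run_samples()
    for name, d in decisions.items():
        print(f"{name:18} {d.action:5} {d.rule or ''}")
    print("\n".join(log))
```

The ordering matters: the behaviour rules run before the signature lookup, so the web server spawning a shell is blocked whether or not the payload that triggered it has a name anyone has seen before, while the signature entry catches a known artefact (the Blaster file name) that breaks none of the generic rules. Blocks are appended to the agent's own log, which is what a management console would later collect for reporting.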
DRS offers host-based Intrusion Prevention Systems for the full spectrum of server types (web, database, application, file and print).
Wireless IPS
AirDefense Enterprise is the most powerful Wireless Intrusion Prevention System (IPS) available. Having pioneered the field of wireless IPS, AirDefense continues to lead in innovation with 27 patents pending or granted. The AirDefense Enterprise solution provides complete protection against wireless threats, policy compliance monitoring, robust performance monitoring and troubleshooting, and location tracking in an appliance that can scale to meet the largest global organizations’ needs. AirDefense uses collaborative intelligence with secure sensors that work in tandem with a hardened purpose-built server appliance to monitor all 802.11 (a/b/g) wireless traffic in real time for the highest level of security, rogue mitigation and policy enforcement.
