Internet Security Systems - AlertCon(TM)

X-Force Protection Engines

Posted by Dan Holden on May 11, 2007 at 4:33 PM EDT.

Been there and done that...

I was recently reading on darkreading.com that an IPS vendor is touting a solution that doesn’t rely on regular expressions. Is this actually news? I guess a new product release can be made into news, but using deep packet inspection as the centerpiece of the article shouldn’t be. Welcome to 10 years ago, guys. ISS released RealSecure 10 years ago this month, and we released our PAM (Protocol Analysis Module) 5 years ago now. I’m glad that others have realized or are starting to realize that regex isn’t the way to do IPS the right way. X-Force has long realized that analyzing and understanding behavior is the only scalable solution for large enterprises. I don’t want to knock this vendor too badly, however, because at least they aren’t using an antiquated regex-based system backed by rented or purchased security research, as some others are. That type of business practice and ‘technology’ will never scale and actually adds potential risk to what is supposed to be a game of risk management. It seems as though the rest of the industry is starting to see the light, however.

 

I thought everyone knew this?

http://www.networkworld.com/news/2007/040507-desktop-antivirus-dead.html

It’s the same thing with the desktop and signature A/V market. Signatures are slow to implement, are reactionary, and again don’t scale well. There are more vulnerabilities and malware every single year. Are we and every other company that is concerned with security going to add budget for additional headcount and infrastructure because hackers have us running scared? Certainly not enough to keep up with a 40% increase in vulnerabilities and an increase in malware that is so large and difficult to track that no one can agree on a number from year to year. It seems to me that we had all better figure out a solution that fits within smart business practices or lose out to a criminal force that could be the largest in history. The bottom line is that X-Force builds solutions and protection engines to solve problems in a scalable fashion. PAM (Protocol Analysis Module) was our first winner, and we’ve only added additional engines to our lineup over the years. We have had VPS (Virus Prevention System) for 2 years protecting our customers with behavioral analysis of malware, and now our latest engine, SCH (Shellcode Heuristics), is leading the charge in preventing real-world exploitation no matter the vulnerability. A lean-back approach to security is what is needed and what X-Force has been building from the start. If you and your organization are reacting to the everyday threats with your regex IPS signatures and your constant A/V updates, then good luck, friends. You have more spare time than I do :)

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.