“Full Throttle” Intrusion Prevention still not a reality for many companies
By: Wayne Haber
Network World recently published survey results from Infonetics Research on the use of Network Intrusion Prevention System (NIPS) products from TippingPoint, Cisco, IBM (ISS), McAfee and Sourcefire. The survey, sponsored by TippingPoint, found that a large portion of IPS devices deployed in corporate environments (average company size surveyed was 9,418 employees) are either (A) not deployed in-line where they can block attacks or (B) deployed in-line but without blocking filters fully enabled.
This is along the lines of what we've seen as a Managed Security Services Provider. More often than not, prior to working with us, organizations are still not using many of the blocking capabilities that make Intrusion Prevention Systems a significant step up from Intrusion Detection Systems. Even in cases where the appliance is deployed in-line, it's very rare to see more than 75% of its signatures configured to block malicious traffic, because organizations just don't want to take the risk of blocking legitimate traffic. It's a confidence problem, one that's bred from experiencing high rates of false positives in both IDS and IPS products.
Our solution to that problem has been a services model for IPS, through our iSensor IPS appliance and Managed IPS services. Why? Because maximizing IPS blocking capabilities while minimizing false positives requires an in-depth understanding of your network traffic, the IPS technology deployed and the threat environment. You also need the resources and expertise to apply that understanding to managing your IPS performance on an ongoing basis. Most organizations can't do all of that cost-effectively, which is why SecureWorks' services continue to be a very attractive path for organizations that want to get the most value out of IPS.