Barking DogsBy Brian P. Watson | Posted 2006-12-12 Email Print
Intrusion detection systems used to be the network's best guard dog: Quiet, obedient, always sniffing around. Now they're part of a whole new breed of network security.?">
As technology managers looked to tools that could not only spot but block threats, vendors like Cisco, Internet Security Systems, Juniper Networks, Sourcefire and TippingPoint began combining detection and prevention tools into a single product. (Systems typically range in price from just under $10,000 to $70,000, depending on licensing, support and service agreements.) That market, which includes network and host intrusion tools, along with firewall products, totaled $475.4 million in worldwide sales in 2005, according to IDC.
For some, the combination of the two makes all the difference. "All [intrusion detection systems] are barking dogs," says Perry Jarvis, who until early November was network operations manager for the city of Burbank, Calif., and now works at Extreme Networks. "They don't take any corrective action."
Until 2003, the city operated its power grid, which supplies electricity to its population of more than 104,000, via a supervisory control and data acquisition (SCADA) network, a physically isolated local-area network that mirrored the grid itself. Since it was isolated, Jarvis and his team didn't have any intrusions or threats coming in or going out.
That soon changed: To predict how much power would be available for consumption, the city needed to figure in weather conditions. That meant Burbank had to tie the SCADA network to the municipal network, which left the SCADA setup susceptible to attacks.
To handle security threats, Jarvis and his team spent about $100,000 on a pair of Juniper Networks' NetScreen firewalls and two Intrusion Detection and Prevention 100s to sit behind them. Those products allowed Jarvis and his team to link the two networks, permitting the SCADA network to access weather reports from the city grid while blocking harmful traffic and attacks in real time.
The ability to create and customize signatures was a key selling point, Jarvis says. But above all, Jarvis prefers the Juniper systems for their ability to do both: "I like the device saying, 'You don't look right, so you're not passing through to my systems.'"