July 31, 2012, 1:38 PM — IBM Tuesday introduced what it's calling a "next generation" intrusion-prevention system (IPS), an offering that not only is designed to stifle network-based attacks, but adds application-level controls and URL filtering capabilities typically found in separate products such as Web security gateways.
The Security Network Protection XGS 5000 appliance, expected to ship in August for a shade under $50,000, integrates IBM's core IPS technology with threat-monitoring features such as the ability to identify misuse of the Web by end users and to block dangerous URLs known to spread malware. The XGS 5000 does not include a traditional firewall, however.
"Part of this is about a marketing position in the firewall versus the IPS space," says Scott Crawford, managing research director at Enterprise Management Associates, noting that typically there are different buyers for firewall and IPS products. With the XGS 5000, IBM wants to maximize its influence with IPS buyers (IBM ranks only behind Cisco with 13.2% of the $1.88 billion market, according to IDC).
IDC security research analyst Charles Kolodgy says the IBM XGS 5000 does represent a new kind of IPS-based product that "improves network, user, and application awareness" and "vastly improves an IPS's ability to provide full network protection, especially trying to uncover custom malware and stealth attacks perpetrated by advanced persistent threats." APT is the term use to describe stealthy attacks to try and steal sensitive corporate data.
Sourcefire and McAfee "are producing similar boxes," Kolodgy says, and Barracuda previewed a similar type of appliance at the Black Hat security conference last week.
Although the term "next-generation IPS" is starting to be bandied about, Kolodgy said IDC is still pondering the usefulness of this phrase or whether a new category entirely should be established that "goes beyond either firewall or IPS."
"The uniqueness isn't so much in the application layer and URL, a lot of products have that, but it's in the ability to set up security at the user level (like the next-generation firewall), correlate that information (in this case with QRadar), and utilize cloud-based threat intelligence to uncover malicious websites and files," Kolodgy explains.