
Next-gen Context Aware Intrusion Prevention

by Neil MacDonald  |  October 13, 2011

Context-aware security is the use of supplemental information to improve security decisions at the time the decision is made. The goal? More-accurate security decisions capable of supporting more-dynamic business and IT environments as well as providing better protection against advanced threats.

In the 2010 research note “The Future of Information Security is Context Aware and Adaptive,” which provided a definition and framework for understanding context-aware security, I used the term “next-generation IPS” to describe how advanced intrusion prevention systems were becoming context aware in order to make improved security decisions (faster, more accurate and better suited to detecting advanced threats).

Network security solutions are evolving to incorporate “application awareness” and “identity awareness” into their offerings. Information protection solutions are evolving to deliver “content awareness.” Application, identity and content awareness are all part of the same underlying shift to incorporate more context at the point when a security policy enforcement decision is made.

In the research note, I provided several examples of how information security infrastructure was evolving to become context-aware, including next-generation IPSs:

Intrusion prevention systems (IPSs) — Rather than apply all IPS rules to all traffic flows, next-generation IPSs are able to use real-time contextual knowledge of what version of an OS or application a workload is running and what vulnerabilities are present in the systems they are protecting (for example, Real-time Network Awareness (RNA)/Real-time User Awareness (RUA) integration with Sourcefire). This context improves the speed and accuracy of IPS decisions, allowing more-efficient use of processing resources as well as reducing the chance of false positives.

We’ve just published a research note for clients that outlines the key attributes of a next-generation IPS. Context awareness in the form of application, identity, content and environmental awareness is the foundation for a next-generation IPS.
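The rule-selection behaviour described above, where the destination host's OS, installed applications and their versions decide which rules are even evaluated for a flow and identity context rides along with the alert, as an added Python example. This is not code from the post or from any product it names; the asset inventory, the rules, the byte markers standing in for signatures, and the flows are all constructed sample data, and the rule_applies / inspect_flow / run_demo functions are hypothetical names chosen for this illustration.

```python
"""Context-aware IPS rule selection: an added, constructed example.

Instead of evaluating every rule against every flow, the engine looks up the
destination host in an asset inventory (OS, installed applications and their
versions) and keeps only the rules whose target matches that context.
All hosts, rules, patterns and flows below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    rule_id: str
    target_os: str                 # "windows", "linux" or "any"
    target_app: str                # application the rule protects, or "any"
    affected_versions: frozenset   # versions the rule matters for; empty = all
    dst_port: int
    pattern: bytes                 # placeholder marker, not a real signature
    severity: str


@dataclass
class Host:
    ip: str
    os: str
    apps: dict = field(default_factory=dict)   # app name -> version


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes
    user: str = "unknown"          # identity context (RUA-style user mapping)


def rule_applies(rule, host):
    """Keep a rule only if the destination's context makes it relevant."""
    if host is None:
        return True   # no inventory entry: no basis to exclude, so inspect
    if rule.target_os != "any" and rule.target_os != host.os:
        return False
    if rule.target_app != "any":
        version = host.apps.get(rule.target_app)
        if version is None:
            return False   # protected application not installed on this host
        if rule.affected_versions and version not in rule.affected_versions:
            return False   # installed version is not an affected one
    return True


def select_rules(rules, host, dst_port):
    return [r for r in rules if r.dst_port == dst_port and rule_applies(r, host)]


def inspect_flow(flow, inventory, rules):
    """Return (number of rules evaluated, list of alert dicts) for one flow."""
    host = inventory.get(flow.dst_ip)
    candidates = select_rules(rules, host, flow.dst_port)
    alerts = [{"rule": r.rule_id, "severity": r.severity,
               "dst": flow.dst_ip, "user": flow.user}
              for r in candidates if r.pattern in flow.payload]
    return len(candidates), alerts


# Constructed sample data -------------------------------------------------
RULES = [
    Rule("R-WIN-445", "windows", "any", frozenset(), 445, b"MARKER-A", "high"),
    Rule("R-WEBAPP-OLD", "any", "webapp", frozenset({"1.0", "1.1"}), 80,
         b"MARKER-B", "high"),
    Rule("R-HTTP-GENERIC", "any", "any", frozenset(), 80, b"MARKER-C", "low"),
]

INVENTORY = {
    "10.0.0.5": Host("10.0.0.5", "linux", {"webapp": "1.0"}),
    "10.0.0.6": Host("10.0.0.6", "windows", {"webapp": "2.0"}),
    # 10.0.0.9 is deliberately absent: a host the inventory does not know
}

FLOWS = [
    Flow("10.0.1.1", "10.0.0.5", 445, b"...MARKER-A...", "alice"),  # Linux host
    Flow("10.0.1.1", "10.0.0.6", 445, b"...MARKER-A...", "alice"),  # Windows host
    Flow("10.0.1.2", "10.0.0.5", 80, b"...MARKER-B...", "bob"),     # webapp 1.0
    Flow("10.0.1.2", "10.0.0.6", 80, b"...MARKER-B...", "bob"),     # webapp 2.0
    Flow("10.0.1.3", "10.0.0.9", 80, b"...MARKER-B...", "carol"),   # unknown host
]


def run_demo(flows=FLOWS, inventory=INVENTORY, rules=RULES):
    """Compare context-aware evaluation with applying every rule to every flow."""
    evaluated = 0
    alerts = []
    for flow in flows:
        n, found = inspect_flow(flow, inventory, rules)
        evaluated += n
        alerts.extend(found)
    return {
        "naive_evaluations": len(flows) * len(rules),
        "context_aware_evaluations": evaluated,
        "alerts": [(a["rule"], a["dst"], a["user"]) for a in alerts],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Two points of the design are worth noting. The same marker sent to the Linux host and the Windows host produces an alert only for the Windows host, and the web-application rule is skipped for the host running an unaffected version, which is the false-positive reduction the note describes. The unknown-host branch keeps every port-matching rule, so an incomplete inventory degrades to the old evaluate-everything behaviour rather than to silent blind spots; a stale inventory that reports the wrong version would wrongly exclude rules, which is why the context has to be real-time rather than a periodically imported asset list.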

As I have observed several times, all information security infrastructure must become context-aware – endpoint protection platforms, access control systems, network firewalls, IPS systems, security information and event management systems, secure web gateways, secure email gateways, data loss prevention systems … all of it.

The moves to incorporate “application awareness”, “identity awareness”, “virtualization awareness”, “location awareness”, “content awareness” and so on are all facets of the same underlying shift in information security infrastructure to become context-aware.



Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…
