The mixed results that users have had dealing with intrusion-detection technologies is fuelling greater industry interest in intrusion-prevention products. This week, Network Associates (NAI) announced software designed to help companies not only detect network- and system-level attacks, but also block them more proactively.
One of the new products from NAI is a desktop version of a server-based intrusion-prevention technology that the company acquired through its US$120 million purchase of Entercept Security Technologies in May.
The product, called McAfee Entercept Desktop, uses a combination of virus signatures and behavioural rules to detect and block attacks at the desktop. Agent software is installed on individual desktops and is centrally managed using McAfee Entercept Management software.
Also announced was an enhanced version of McAfee IntruShield, a network intrusion-prevention product that Network Associates obtained in its $100 million purchase of IntruVert earlier this year.
Network Associates isn't alone in releasing intrusion-prevention wares. Last week, NetScreen Technologies announced a "deep-inspection" firewall that combines signature-, policy- and network-behaviour-based approaches to block application-level attacks. And earlier this month, Teros announced an enhanced version of its host-based intrusion-prevention product.
Unlike intrusion-detection products, intrusion-prevention tools are said to automatically prevent unauthorised or malicious tasks from executing, said Vivek Kundra, former director of infrastructure technologies for Arlington County, an Entercept user. "We noticed some clear benefits in having invested in IPS when Blaster hit," Kundra said.