IDS and IPS Buyers Guide: IBM Security offers a threat protection solution using both hardware and software integration
Today’s cyber criminals know how to tweak and change their attack signatures to fool a security system. A log of known threat signatures is no longer good enough. Big Blue focuses on protecting vulnerabilities and not just known exploits, says Craig Knapik, technical product manager, IBM Security.
IBM calls its solution Next-Generation Intrusion Prevention System (NG-IPS), and it is part of the company's overall Security Network Protection system, referred to as XGS. XGS offers both a hardware appliance for physical networks and a software package designed to protect VMware virtual networks.
IBM's Protocol Analysis Module (PAM) uses heuristics and behavior-based analysis to identify and stop threats.
Behind PAM sits IBM’s X-Force Research, a team of security experts who investigate security threats, vulnerabilities and exploits and develop countermeasure technologies from that research. Its database contains over 100,000 documented vulnerabilities and is continuously updated. IP reputation data is automatically fed to the XGS to keep it current.
Sitting behind XGS is IBM QRadar, a security information and event management (SIEM) solution that gathers information from the network, including network flow data sent from XGS. The SIEM analyzes and correlates that data and gives the security analyst a list of potential offenses. If an ongoing attack is recognized, the analyst can select the infected endpoint and right-click, which triggers an alert. XGS translates the alert to a corresponding quarantine or block command.
Pricing: Users pay for XGS by the amount of protection required at a specific point in time, i.e., the amount of network traffic that will be inspected, the price of the appliance and the number of network segments that will be protected. Pricing also factors in any need for high-availability configurations and the number of appliances. A central management system is available.
A Flexible Performance License allows organizations to purchase a performance level for current needs and upgrade via a software license to new levels as needed.