IPS and AV: combine the dynamic duo of network security

Lennon and McCartney, Tom Glavine and Greg Maddux, Batman and Robin. Individual members of the world’s greatest duos are capable of working solo, but that doesn’t mean they should. The synergy of two forces coming together to create something greater than the sum of their parts is inherent to a variety of everyday scenarios, and network security is one of the most notable examples.

Take, for instance, antivirus software and intrusion prevention systems (IPS). While each can adequately safeguard a layer of your company’s system, neither of these security measures alone provides the coverage necessary to defend against today’s ever-evolving cyberattacks.

AV is reactive

Antivirus software scans your hard drive for known malware signatures and takes the necessary measures to nullify the threat. But as mentioned in an earlier article, antivirus programs lack the capacity to stop zero-day malware, modified exploits, and targeted attacks (which are unrecognizable because they've never revealed themselves before) from damaging your systems. Zepto, for example, is a variant of the Locky ransomware that performs practically the same functions but uses modified malicious code to avoid detection by antivirus scans. Antivirus engines act as a cure and can extinguish these threats only after they hit the disk.

IPS is proactive

Conversely, IPS acts as your first line of defense against malicious payloads attempting to penetrate your computer. In a nutshell, IPS inspects the payload for known malicious code lying dormant within the packet. It can also detect unknown attacks by checking for any irregularities and known vulnerabilities within the system. In other words, IPS familiarizes itself with your system’s vulnerabilities to detect all possible attacks on it -- especially zero-day hacks. However, as powerful as this may seem, IPS has limited visibility, only preventing threats “in flight” and failing to address malware-infected data at rest.

Consider a combined approach

Instead of thinking of IPS or antivirus technologies as an either-or decision, consider combining them for some of that Batman and Robin synergy. Single technologies represent a single point of failure. Think about it -- if a hacker bypasses your IPS-only security system, they are free to roam about your systems and steal as much data as they want. What you need is a multi-tiered defense against external attacks.

Fortunately, many managed security providers see the value in combining signature- and behavior-based approaches. For this reason, we’re now seeing an exciting trend where IPS providers are bundling signature-based antivirus products, while antivirus vendors are offering more technologies to compensate for antivirus programs’ shortcomings. Thus, it should be clear that if antivirus and IPS are combined, they make for a more holistic and multilayered approach to network security.

People often think that an IPS-only or an antivirus-only solution is all they need to protect their company. This is a colossal mistake considering the increasingly sophisticated cyberattacks being developed every minute of every day. Here at IntelligIS™, we believe that there is no such thing as a silver bullet when it comes to security. Therefore, we not only implement antivirus and IPS but a range of other security solutions to fully protect your organization. Contact us at www.intelligis.com to find out more.