Web and network firewalls remain central to network defense

Published 25 August 2009

Many vendors try to position their solutions as compliance-focused, but firewall-related tools may offer the best value in meeting wide-ranging compliance objectives

Organizational networks are threatened by an ever-shifting array of complex cyber attacks. With so many defensive tools to choose from, however, which offer the best protective value? A recent Forrester Research report, examining fourteen threat mitigation technologies, highlighted some top security solutions.

John Wagley reports that the report states Web and network firewalls remain central to network defense. Firewall auditing tools, which automate firewall and router configuration review, are also a promising emerging technology, according to the report, “Network Threat Mitigation.” Many vendors try to position their solutions as compliance-focused, but firewall-related tools may offer the best value in meeting wide-ranging compliance objectives, states the report by lead author John Kindervag, a Forrester senior analyst.

Intrusion prevention systems (IPS) are also a top defense, the report states. IPS is more proactive and effective at blocking attacks than other network-monitoring tools such as intrusion detection systems (IDS) and network behavior anomaly detection (NBAD) solutions.

Many managers are concerned that IPS could block good traffic, but such concerns are “unfounded,” the report says. IPS adoption also may be hindered by an unfair association with IDS, according to an April Forrester report, also by lead author Kindervag. Although sharing some technological DNA with IDS, it states, IPS is more than just a “next generation” technology. IPS can generally view two-way, as opposed to unidirectional, traffic; IDS also produces far too many false alerts.

The earlier report, “If You Don’t Have IPS, You Deserve to be Hacked,” is available here.