IBM attempts to redefine the IPS

The Security Network Protection XGS 5000 appliance integrates IBM's core IPS technology

IBM has introduced what it's calling a "next generation" intrusion-prevention system (IPS), an offering designed not only to stifle network-based attacks but also to add application-level controls and URL filtering capabilities typically found in separate products such as Web security gateways.

The Security Network Protection XGS 5000 appliance, expected to ship in August for a shade under $50,000, integrates IBM's core IPS technology with threat-monitoring features such as the ability to identify misuse of the Web by end users and to block dangerous URLs known to spread malware. The XGS 5000 does not include a traditional firewall, however.


"Part of this is about a marketing position in the firewall versus the IPS space," says Scott Crawford, managing research director at Enterprise Management Associates, noting that typically there are different buyers for firewall and IPS products. With the XGS 5000, IBM wants to maximize its influence with IPS buyers (IBM ranks second, behind only Cisco, with 13.2% of the $1.88 billion IPS market, according to IDC).

IDC security research analyst Charles Kolodgy says the IBM XGS 5000 does represent a new kind of IPS-based product that "improves network, user, and application awareness" and "vastly improves an IPS's ability to provide full network protection, especially trying to uncover custom malware and stealth attacks perpetrated by advanced persistent threats." APT is the term used to describe stealthy, long-running attacks intended to steal sensitive corporate data.

Sourcefire and McAfee "are producing similar boxes," Kolodgy says, and Barracuda previewed a similar type of appliance at the Black Hat security conference last week.

Although the term "next-generation IPS" is starting to be bandied about, Kolodgy says IDC is still pondering the usefulness of this phrase, or whether a new category entirely should be established that "goes beyond either firewall or IPS."

"The uniqueness isn't so much in the application layer and URL, a lot of products have that, but it's in the ability to set up security at the user level (like the next-generation firewall), correlate that information (in this case with QRadar), and utilize cloud-based threat intelligence to uncover malicious websites and files," Kolodgy explains.

Another industry watcher, Current Analysis principal analyst for enterprise security Paula Musich, calls the IBM appliance innovative in that it adds "three new malware detection engines that focus on exploit payload detection, Web application protection and file and content inspection."

Sourcefire has already released a next-generation IPS, she points out, adding, "I think we'll see some overlap between next-generation firewall and next-generation IPS products in the market." She concludes, "I'm aware of at least one enterprise that is evaluating both for the same project. Right now, the market is highly fragmented, and vendors that describe their products as next-generation firewall, UTM appliance and next-generation IPS are all competing for the same budgets."

John Cloonan, IBM program director for threat protection in IBM Security Systems, says the XGS 5000 has approximately 3Gbps of throughput and represents the "moderate end" for traffic. IBM plans to release a wider range of appliances with varying throughput levels based on its next-generation IPS technology.

He says one advantage of the fine-grained controls the XGS 5000 permits is that it could be set up to allow users to read personal email but "maybe not have access to the attachment" if that was deemed a security risk. And "if I know someone is going to a website known for malware, I can block that." The XGS 5000 can also work with IBM's QRadar security information and event management product.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email:
