Beefing up Security with Intrusion Prevention Systems
To the extent that network-based systems rely on signatures to identify attacks, those signatures need to be kept current, and the system will have difficulty stopping a brand-new attack for which no signature yet exists. It is also important to consider the impact on network performance when installing an in-line system: if it cannot keep up with your network's peak bandwidth, or introduces significant latency, it becomes a bottleneck for every packet that passes through it. For that reason, many vendors are moving toward dedicated appliances (some of which support gigabit speeds) rather than software.
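The following is an added example, not code from the article or from any IPS vendor it mentions. It shows concretely why a signature-based in-line system needs constant updating: a toy filter with two constructed byte-pattern signatures drops the attack the signatures were written for, forwards a percent-encoded variant of the same attack untouched, and only catches the variant once a normalization step (URL decoding) is added in front of the matcher. The signature names, patterns and sample requests are all constructed for illustration.

```python
"""Toy signature-based in-line filter (added example; not from the article).

Demonstrates the brittleness of exact-byte signatures: the same attack
with percent-encoded slashes passes until the filter normalizes the
request before matching. Normalization is extra per-packet work, which
is exactly the latency cost an in-line system has to budget for.
"""
import re
from urllib.parse import unquote_to_bytes

# Constructed signatures: (name, compiled byte regex). Not a real rule set.
SIGNATURES = [
    ("HTTP_CMD_EXE_EXEC", re.compile(rb"/cmd\.exe\?/c\+", re.IGNORECASE)),
    ("HTTP_DIR_TRAVERSAL", re.compile(rb"\.\./\.\./")),
]

# Constructed sample requests, not captured traffic.
SAMPLES = {
    "benign": b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n",
    "known_attack": b"GET /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0\r\n\r\n",
    # Same attack with '/', '?' and '+' percent-encoded: exact-byte signatures miss it.
    "encoded_variant": b"GET /scripts/..%2f..%2fwinnt/system32/cmd.exe%3f%2fc%2bdir HTTP/1.0\r\n\r\n",
}


def match_signatures(payload: bytes, signatures=SIGNATURES):
    """Return the names of all signatures whose pattern occurs in payload."""
    return [name for name, rx in signatures if rx.search(payload)]


def normalize_http(payload: bytes) -> bytes:
    """Percent-decode the request so encoded variants hit the same signatures.

    This is the kind of preprocessing a signature engine must add (and pay
    for on every packet) to keep old signatures effective against trivial
    encoding variants of an already-known attack.
    """
    return unquote_to_bytes(payload)


def inline_decision(payload: bytes, normalize: bool = False) -> str:
    """Decide the in-line action for one request: 'DROP' or 'FORWARD'."""
    data = normalize_http(payload) if normalize else payload
    return "DROP" if match_signatures(data) else "FORWARD"


def run_filter(normalize: bool = False) -> dict:
    """Apply the filter to every sample; returns {sample_name: decision}."""
    return {name: inline_decision(p, normalize) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for mode in (False, True):
        print(f"normalize={mode}:")
        for name, decision in run_filter(mode).items():
            print(f"  {name:16s} -> {decision}")
```

Without normalization the `encoded_variant` sample is forwarded even though it is the same attack as `known_attack`; with normalization both are dropped. The benign request is forwarded in both modes. In a real deployment the decode step runs on every packet in the data path, so its cost has to fit inside the latency budget the paragraph above warns about.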
Where IPS Fits In
Almost no one claims that any type of intrusion prevention system will replace firewalls and other mainstays of network security outright. Instead, analysts say, these systems make the most sense as part of a layered security strategy that makes use of several different technologies at multiple points in your network.
Nor will IPS kill the intrusion detection market, at least in the short term. If an attacker makes it past your other defenses (including the IPS), an IDS provides the record of what happened that you need to contain the damage and prevent a repeat.
Ultimately, predicts Richard Stiennon, a research director at Gartner, network-based IPS capabilities will be integrated into firewall appliances. The host-based IPS, say Spire Security’s Lindstrom and other experts, will likely become more agent-based, centrally managed and ubiquitous—perhaps as part of an enterprise’s overall systems management strategy. But one thing is certain: As the number of attacks and vulnerabilities continues to grow, so will interest in intrusion prevention technologies of all kinds.
"Return on security investment is something that’s very, very difficult to show," says New Century’s Stevenson. "But you pick up the paper every couple weeks, and to know that we’ve bypassed the latest critical worm or virus that’s on the Internet—that’s return on investment."