IBM is introducing a new class of next-generation Intrusion Prevention System hardware appliances. The IBM Security Network Protection XGS 5000 is the first in the new product family that aims to go beyond what IBM’s traditional IPS devices have provided to date, with a deeper and more integrated level of threat intelligence.
The XGS series is intended to initially supplement, and perhaps one day replace, IBM’s GX series of network security appliances.
“It’s a new class of device,” Joe Anthony, Director, Threat Protection Product Management, IBM Security Systems, told EnterpriseNetworkingPlanet. “We think it will complement existing IPS deployments, but as it comes time for a refresh for existing IPS, some customers will want to replace with the next gen IPS.”
Anthony noted that the next gen IPS provides additional visibility and control. He added that there is also a better level of application awareness.
“Previously for applications that we did define, we would allow people to either allow them or block them,” Anthony said. “We did not open up the application and provide the granular control, so for example you could treat the marketing organization differently from the engineering organization.”
In addition to group-based management, the next gen IPS also has granular control around specific individuals and application actions.
In comparison to the IBM Network IPS GX 7800, which is at the top end of the current IBM IPS portfolio, there are a number of key differences. The GX 7800 is a 20 Gbps Linux-powered system that got its last major update in 2011. The new XGS 5000 is also Linux based.
Anthony explained that the application control in the XGS 5000 could complement the GX 7800. But in terms of the overall performance characteristics, there is a big difference, as the XGS 5000 is more closely aligned with the GX 5000 series. The XGS 5000 has 16 one Gigabit Ethernet ports and the specified throughput is currently rated at 2.5 Gbps of inspected traffic. Anthony noted that over time, IBM will expand the XGS product portfolio to have a 7000 series as well that will more closely align with the performance characteristics of the GX 7000 series.
The XGS series can also be integrated with IBM’s QRadar Network Anomaly Detection appliance, which provides additional intelligence on anomalous network activity.
While the next gen XGS system provides many new features, its initial release does not support thorough SSL inspection. Anthony noted that the device does not decrypt and then re-encrypt SSL traffic for thorough detailed analysis. Anthony explained that the XGS does have some limited SSL visibility with more detailed capabilities scheduled for some future point on the product development roadmap.
The market for next generation network security appliances is a very competitive one. For the most part, vendors like Palo Alto, Check Point, Juniper and Cisco have been pushing the Next Generation Firewall (NGFW) as the right technology for the future. The NGFW also has a focus on application awareness that integrates packet inspection and threat detection on the firewall.
Anthony explained that when he speaks to customers, many of them want the next gen type application control and visibility capabilities sitting behind an existing firewall.
“These are enterprises that have very specific rules for their firewall and if they mess them up, it will bust a lot of transactions,” Anthony said. “So they have a lot of fixed, rigid rules.”
For the more aggressive threat rules, more flexibility is required from IBM’s customers and that’s why the IPS is often seen as the right place for application control and threat mitigation.
“The small organizations do look at bringing all that technology together in a next gen firewall,” Anthony said. “But the traditional accounts that we sell into at medium to large enterprises, a lot of them manage it as two separate things and we expect that tradition to continue for a while.”