To further protect the network, an Intrusion Detection System (IDS) is used to monitor network and system activity in-line for malicious activity or policy violations. It is primarily focused on identifying possible incidents and on logging and reporting these attempted violations. With the report, the IT department can pinpoint where the problems in its security policies are and take the right actions to fix them. Furthermore, detected intrusion attempts can be automatically blocked by an Intrusion Prevention System (IPS), an extended function of IDS. As enterprise network traffic grows in bandwidth and in the complexity of connections and protocols, IDS/IPS systems are built as gateway appliances to support the increasing computational load of inspection, detection, and monitoring.
In recent years, use of the Web for business purposes has been on the rise. Enterprises conduct B2B and B2C business and on-line shopping, access business data from the Web, and send emails much more often. Malware, short for malicious software, comes in many forms, such as spam, spyware, viruses, worms, and Trojan horses, and is designed to disrupt or deny operations, gather information, gain unauthorized access to systems, and/or achieve cybercriminal goals. To prevent malware threats, anti-malware, or anti-virus and anti-spyware, functions are implemented on Secure Web Gateways (SWG), gateway appliances that scan all incoming network data. Malware is blocked when it is detected coming across the gateway, or removed when it is detected within the devices.
To prevent unauthorized access to their crucial data, some organizations install Content Monitoring and Filtering (CMF) or Web Content Filtering functions on the same gateway appliance as the anti-malware functions. This content-aware function typically monitors and detects outbound sensitive data crossing the enterprise perimeter. It stops the delivery of restricted content if the receiving end is not authorized, or it encrypts the restricted content to enforce the Data Loss Prevention (DLP) policy.
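The content-aware decision described above can be sketched as follows; this is an added example, not code from any gateway product. It assumes that "restricted content" means payment card numbers, that authorization is an exact match on the recipient's domain, and that restricted content is encrypted for authorized recipients and blocked for everyone else; `AUTHORIZED_DOMAINS`, `dlp_decision` and the sample messages are hypothetical names and constructed data.

```python
import re

# Assumption: recipient domains cleared to receive restricted content (constructed).
AUTHORIZED_DOMAINS = {"partner.example"}
# Candidate payment card numbers: 13-19 digits, optionally split by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order/tracking numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Return the digit strings in text that pass both the pattern and Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def dlp_decision(recipient: str, body: str) -> str:
    """Return 'allow', 'encrypt' or 'block' for one outbound message."""
    if not find_card_numbers(body):
        return "allow"                      # nothing restricted in the content
    # Exact domain match; a malformed address or look-alike suffix fails closed.
    domain = recipient.rsplit("@", 1)[-1].lower()
    return "encrypt" if domain in AUTHORIZED_DOMAINS else "block"

# Constructed sample traffic: (recipient, message body)
SAMPLES = [
    ("bob@partner.example", "Card 4111 1111 1111 1111 exp 12/30"),
    ("eve@mail.example", "Card 4111-1111-1111-1111"),
    ("eve@mail.example", "Tracking no. 1234567890123456"),
    ("x@partner.example.evil.test", "4111111111111111"),
]

if __name__ == "__main__":
    for rcpt, body in SAMPLES:
        print(f"{dlp_decision(rcpt, body):8} {rcpt}")
```

The checksum step keeps a 16-digit tracking number from triggering the policy, and the exact domain comparison keeps a look-alike suffix from being treated as an authorized recipient.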
Rather than managing multiple security appliances on the network, IT management finds appeal in an all-in-one appliance, Unified Threat Management (UTM), that combines network security functions such as firewall, VPN, IDS/IPS, anti-malware, anti-virus, anti-spyware, anti-spam, and content filtering. It is a less complex and cost-effective way to serve the same security purpose and to realize the benefits of power savings, space savings, and ease of installation and administration.
Network security appliances are important parts of a secure enterprise network. Compared to standard workstations or servers, the appliances deliver performance with hardware customized for specific applications. Appliance platforms bring flexibility of configuration, scalability to expand, and stability and ease of use.