Train From Home on Your Schedule with OnDemand - Special Offers Available Now


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Not Your Fathers IPS: SANS Releases Results on its Network Security Survey

IPS Doing a Pretty Good job; However Users Want Their IPSs to Graduate to the Next Generation: Full Results Released in SANS October 29, 1 PM EDT Webcast

  • Bethesda, MD
  • October 25, 2013

SANS announces the results of a new survey sponsored by Hewlett-Packard on network security. In it, 439 survey responses show that IPS is still mainly deployed at the perimeter and is doing a fairly good job at detection, yet only 11% of respondents are turning on IPS to block automatically for 100% of their traffic.

However, 80% are using some automated blocking - a large group (28%) set automatic blocking only for those events they can block with great assurance.

Why aren't organizations using their IPS automated blocking features more?

Results indicate that respondents want and need more information than their traditional IPS will give them before they can confidently turn on automatic blocking.

Indeed, when respondents laid out their wish lists for a next-generation IPS, 79% say their next-generation IPSs must include more application awareness, 67% want more context awareness, 57% say they need more content awareness, and 56% would like full stack inspection included in their IPS capabilities. This question allowed multiple responses, and this ranking indicates that, above all, respondents want smarter IPS devices that work with a variety of needs.

"Given the industry trend toward simpler and easier interfaces, I was surprised that the overwhelming need expressed in our survey results was for more data," says SANS Analyst, Rob Vandenbrink, who authored the report. "They're also looking for better tools to integrate and process that data."

To expand their IPS capabilities, respondents are planning to or are already connecting their IPS devices to other security inputs for a next-gen IPS "fabric-oriented" architecture so that their tools, working together, result in better visibility and analytics. This, in turn, not only results in more accurate decisions made on behalf of the IPS, but also offers the ability to feed information back and forth between different security systems for more thorough protection and remediation.

"This survey represents a true 'slice-of-life' from real IT shops trying to enhance their IPS capabilities to prevent threats," adds Vandenbrink.

These and other results will be released during an October 29 webcast at 1 PM EDT hosted by SANS. This webcast is open to the IT community by registering at

The SANS Analyst Program,, is part of the SANS Institute.

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (