IBM Adds Web App Firewall To IPS Appliances

IBM has upgraded its Security Network Intrusion Prevention System line of appliances, which combine an intrusion prevention system (IPS) with web application firewall capabilities.

IBM said the new 4.1 firmware release for the appliance, automatically available to some customers with current maintenance contracts, offers more capabilities for securing data and web applications, including "client-side application protection, data security, web application protection and application control," as well as monitoring to detect confidential information that may be exiting the network.

The appliance will also works with IBM Rational AppScan, which can automatically generate custom security policies for the device, to help protect web applications against specific vulnerabilities identified by AppScan. IT managers also get a single interface for managing all of the security tools on the appliance.

Notably, the appliance also includes virtual patching technology, which can filter what goes into or comes out of an application, to block against known attacks. The capability can be a boon to IT managers, because it helps free them from having to immediately patch against every newly discovered vulnerability, at least right away.

Equally, they can rapidly protect systems for which a vulnerability has been discovered, and which is being exploited by attackers, but for which no patch exists. For example, according to the IBM X-Force Trend and Risk Report for 2009, 52% of vulnerabilities reported last year still had no vendor-supplied patch by the year's end.

Numerous vendors, including IBM, augment their virtual patching technology with update services that proactively provide virtual patches against newly discovered threats that may have not yet been disclosed publicly. For example, IBM said that in 2009, for the top 61 security threats of the year, its researchers created and released working virtual patches, on average, "340 days before the vulnerability was publicly disclosed." According to IBM Managed Security Services, the typical corporate IT infrastructure sees about 60,000 attacks per day, ranging from targeted attacks and intrusion attempts to worms to phishing attacks. Given that volume of attacks, "effective threat and vulnerability management needs to focus on preventing problems, not responding to them," said Steve Robinson, general manager of IBM Security Solutions, in a statement.