There’s a penchant by many to measure the quality of IPS (Intrusion Prevention System) solutions by the number of threat signatures supported by the vendor. Checkpoint points to how it delivers "1,000s of signature, behavioral and preemptive protections." Fortinet claims its FortiGuard IPS service inspects "over 8,000 signatures consisting of 15,649 rules." Cisco IOS Inline IPS "supports more than 7000 signatures." Presumably, the more signatures the more thorough the IPS. But is that really the right measure for today’s defending against today’s threat landscape? The problem with signatures Signatures are funny things. We might like the idea of specially crafted signatures blocking attacks,…
[Continue Reading]