FireBreak is not an Intrusion Prevention System (IPS).

The FireBreak Intrusion Suppression System employs uniquely effective anti-worm technology that fills a void left by IDS and IPS systems. It bridges the gap between the release of a new worm and the release of the updated definition files for your IDS or IPS system.

What is IPS?

Intrusion Prevention Systems are a recently developed hybrid between a stateful firewall and an IDS (Intrusion Detection System).

Traditional antivirus solutions - are they effective against today's threats?

"...there have always been potential drawbacks with behavioral analysis. One major problem lies in the fact that there's a grey area between actions that are clearly 'bad' and those that are legitimate. What's bad in a hostile program may be good in a legitimate program."

--David Emm (October 17, 2004)

How do IPS combat worms?

The primary benefit of an IPS is to provide easier management of the capabilities provided previously and separately by IDS and stateful firewall systems, and to bring the capability of the stateful firewall to the internal network. IPS systems provide a more modern and flexible approach to "network partitioning" which creates zones of isolation on your network so that an outbreak in one zone may not affect another zone.

How effective are IPS at stopping worms?

IPS systems have many of the same limitations as IDS systems, with an added twist. Because they can respond dynamically by changing rules equivalent to those of a stateful firewall, tuning an IPS system is even more critical and difficult than tuning an IDS system.

IPS systems can be difficult to deploy without interfering with normal business operations. Modern IDS and IPS systems employ heuristic detection (basically rules of thumb about "bad" network traffic), which allows some worms to be detected without a signature. However, these rules are complex, and hard experience shows that some worms manage to escape detection while some legitimate network activity is blocked. Rules of thumb are never a perfect match.

[Figure: Layered Defense graphic]

Finally, IPS systems, like antivirus and IDS, generally need to know about a worm in advance in order to block it. Worm writers typically don't give advance notice.