In this exclusive interview, we speak with Clarence Morey, a senior security researcher at IBM Internet Security Systems, about the current state of intrusion prevention technology and where the market is heading.
NSJ: How would you describe the current state of IPS technology?
Morey: IPS has matured significantly over the past few years. We've moved well beyond simple signature matching to sophisticated behavioral analysis that can detect zero-day attacks. The accuracy has improved dramatically, and false positive rates are much lower than they were just a few years ago.
NSJ: What are the biggest challenges organizations face when deploying IPS?
Morey: Tuning is still a significant challenge. Every network is different, and getting an IPS tuned to your specific environment takes time and expertise. We also see organizations struggle with the volume of alerts generated — having the right processes to triage and respond to alerts is just as important as the technology itself.
NSJ: Where do you see IPS technology heading?
Morey: I see three major trends. First, deeper application awareness — IPS systems will understand not just what protocol is being used, but what the application is doing. Second, tighter integration with other security systems — IPS won't operate in isolation but as part of a coordinated security ecosystem. Third, cloud delivery — more organizations will consume IPS as a service rather than deploying on-premises hardware.