Broadly speaking, there are two types of IPS: network-based and host-based. A network IPS is a device that performs deep inspection of packets as they come through, even reassembling them to examine the entire communication before passing them along.
There are three types of vendors in this area:
- Pure-play IPS vendors, such as TippingPoint.
- IDS companies, such as Internet Security Systems Inc., which are expanding their functionality to include blocking.
- Firewall makers, such as Check Point Software Technologies and NetScreen Technologies, which are adding deep packet-inspection functions to create "next-generation" firewalls.
In addition, IPS functions are being added to other network devices. For example, Juniper Networks Inc. acquired NetScreen last year, and 3Com Corp. purchased TippingPoint, so you can expect to see the added security technologies incorporated into the parent firms' networking gear to block suspect traffic.
A host-based IPS, on the other hand, is software rather than an appliance and comes from different vendors. Gartner analyst Greg Young says host-based intrusion prevention for servers is a mature technology, but he advises companies to hold off for now on deploying it on the desktop.