Intrusion protection system (IPS) technology is gradually adapting to virtual computing, as IPS vendors add to their product lines actual virtual IPSes as well as IPSes that protect virtual machines. Sourcefire's recent release of VMware-based virtual appliances was the latest arrival to the market of IPSes that work with virtual machines. IBM ISS also offers a virtual IPS, and TippingPoint has plans to roll out a virtual IPS offering as well.
What's driving the IPS to virtualization? A combination of trends in IPS evolution, including the convergence of IPS technology with other security functions (think firewalls and data leakage protection), the consolidation of data centers using virtualization technology, and compliance.

It's not so much that the IPS is changing in what it can do technology-wise, but more that it's changing in the type of environment it runs in, notes Matt Watchinski, senior director of Sourcefire's Vulnerability Research Team. "Most [IPS vendors] are making their software work in those [virtual] environments," he says. "The point is that we're taking that step forward to embracing virtualization."

Virtual IPSes are still a fairly new approach for IPS perimeter defenses. "The virtualization of these security appliances starts small, and most people are still dipping their toes in the water," Watchinski says. "You're not going to see massive deployments here [for now]."

The link for this article located at Dark Reading is no longer available.