Traditional IPS and firewalls fall short of providing effective threat containment and can expose the enterprise to unacceptable levels of risk. As the majority of threats now originate from inside the organization rather than outside, security needs to be everywhere, rather than just at select perimeter locations. Network access layer threats can come from malicious employees; however, the more likely scenario is compromised end systems accidentally infected with malware. In either case, the best practice response to a threat must include containing or removing the source of the attack. An IPS can stop an attack from reaching its target but it leaves the source of the attack connected to the network, free to attempt another attack against another target. Firewalls offer threat containment for attacks originating from the Internet but offer no help for the 80% of all threats that originate from the network access edge.
