An Intrusion Prevention System (IPS) can be described simply as a network threat detection system that acts as a security guard for your IT environment.
An IPS is designed to sit inline and block incoming threats as they arrive, whereas an Intrusion Detection System (IDS) only detects and alerts, leaving the response to you, and is therefore more reactive in nature.
Many IPS and IDS features are today integrated into firewalls and other network protection devices. Whilst this hybrid approach has advantages in terms of operability, integration and management, there are drawbacks in terms of scope of protection and the frequency of updates to threat ‘signatures’.
Today there is a plethora of IPS systems to choose from, ranging from firewall-integrated systems through to industrial-scale, carrier-class devices designed to prevent distributed denial of service (DDoS) attacks on large e-commerce or gambling sites.
There are compelling advantages for any organisation that wishes to deploy an intrusion prevention system. We have listed some of these advantages below to help guide your decision.
Real time alerting
IPS systems provide real-time alerts for any potential network breach, allowing your IT staff to respond to and mitigate that threat while it is still in progress.
Commercial IPS vendors provide regular threat detection updates to ensure that your systems are protected against the latest threats.
Log management and integration
Intrusion prevention and detection systems can collect logs from devices across the network and correlate and inspect them from a single management console (in larger estates this correlation role is usually handed to a dedicated SIEM, with the IPS/IDS feeding it).
Choice of deployment models
Host-based IPS (HIPS) resides on the system it is protecting, whereas a network-based IPS ‘sniffs’ traffic on the wire and matches it against known malicious patterns. IPS vendors tend to offer hybrid systems, giving a security overlay that is both host and network based. Protocol-based systems check traffic against the rigid rules of the relevant protocol standard and apply ‘normalisation’ policies; this approach needs far fewer signatures and threat updates, but by design it only catches traffic that breaks the protocol, not attacks carried in perfectly valid protocol exchanges.
After an initial period of ‘tuning’, your IPS or IDS builds a baseline of normal network behaviour. This has the distinct advantage of instantly highlighting anything suspicious or non-conformist in nature. The caveat is that the baseline is only as clean as the tuning window: traffic that was already present while the system was learning (including an attacker’s) will be treated as normal, and an anomaly alert still needs a person to decide whether it is malicious.
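The following is an added illustration of the ‘tune, then baseline, then alert’ model described above; it is not code from the original article or from any vendor’s product. It learns a per-host packets-per-minute baseline from a tuning window, flags live records that sit more than three standard deviations above it, and also reports hosts that were never seen during tuning. All traffic figures, host addresses and the `TUNING_WINDOW` / `LIVE_RECORDS` names are constructed for the example.

```python
from statistics import mean, pstdev

# Constructed tuning data: packets per minute seen from each internal host
# during the learning window (the numbers are made up for this example).
TUNING_WINDOW = {
    "10.0.0.5": [120, 130, 125, 118, 140, 122, 128, 135],
    "10.0.0.9": [40, 45, 38, 50, 42, 44, 41, 47],
}

# Constructed live records after tuning: (minute, host, packets in that minute).
LIVE_RECORDS = [
    ("09:00", "10.0.0.5", 131),   # ordinary minute
    ("09:01", "10.0.0.5", 900),   # sudden burst from a known host
    ("09:01", "10.0.0.9", 52),    # busy, but within normal variation
    ("09:02", "10.0.0.13", 60),   # host never seen during tuning
]


def build_baseline(tuning, min_samples=5):
    """Return {host: (mean, stdev)} for every host with enough tuning samples.

    Hosts with fewer than min_samples observations get no baseline at all:
    alerting on a baseline built from two or three points only produces noise.
    """
    baseline = {}
    for host, counts in tuning.items():
        if len(counts) < min_samples:
            continue
        # Floor the deviation at one packet so a perfectly flat host does not
        # turn every one-packet change into an alert (and to avoid dividing by 0).
        baseline[host] = (mean(counts), max(pstdev(counts), 1.0))
    return baseline


def z_score(baseline, host, count):
    """How many standard deviations 'count' sits from the host's learned mean."""
    avg, sd = baseline[host]
    return (count - avg) / sd


def detect(baseline, records, sigma=3.0):
    """Flag live records that deviate upward from the baseline.

    Returns a list of (minute, host, count, reason) tuples. A host with no
    baseline is reported too: an anomaly detector cannot vouch for traffic it
    never learned, and a new talker on the network is worth a look in itself.
    """
    alerts = []
    for minute, host, count in records:
        if host not in baseline:
            alerts.append((minute, host, count, "no baseline for host"))
            continue
        z = z_score(baseline, host, count)
        if z > sigma:
            alerts.append((minute, host, count, f"{z:.1f} sigma above baseline"))
    return alerts


if __name__ == "__main__":
    base = build_baseline(TUNING_WINDOW)
    for alert in detect(base, LIVE_RECORDS):
        print(alert)
```

Running it flags the 900-packet minute from 10.0.0.5 and the unknown host 10.0.0.13, and passes the busy-but-normal minute from 10.0.0.9. The tuning caveat is easy to reproduce: add that same 900-packet minute to the tuning window for 10.0.0.5 and the learned deviation grows so much that the burst is no longer three sigma away, so it is never flagged.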
With any technology deployment there are things to keep in mind and consider. We have listed potential pitfalls to consider when purchasing an IPS/IDS device or service.
How frequently are signatures updated, and if the system is protocol based, how well does it detect evasive attacks (for example, traffic that has been fragmented or re-encoded so that it no longer matches what the inspection engine expects)?
IPS / IDS in a distributed denial of service (DDoS) attack
Every deployed system has limits. In a DDoS attack your system’s packets-per-second (PPS) throughput may not be able to handle attacks of a certain size. Check the true DDoS limits, ask whether the device fails open or fails closed when it is overwhelmed (an inline IPS that fails closed is itself a way to take your site offline), and, depending on your website, subscribe to or have a relationship with a DDoS mitigation vendor.
If your firewall has IPS signatures, check how many there are and ask at what throughput the firewall’s IPS inspection begins to degrade; vendors commonly quote a lower throughput figure with IPS enabled than without. This is usually only relevant to websites or systems that handle large amounts of bandwidth or traffic.
Management of the system
Always look at the management console of any proposed vendor: is it clear and easy to use, with simple functionality clearly defined?
At Compare the Cloud, we’re here to help you get started and to identify suitable technology partners to help with your deployment. Take a few minutes to tell us about your company in our Cloud Discovery Q&A, and we’ll present you with some informed options, helping you take full advantage of intrusion prevention and detection systems by selecting an IPS / IDS provider that fits your needs.