Intrusion Detection & Prevention (IDPS)

Intrusion detection and prevention systems monitor the network or host activity their sensors can see, record it, and look for signs of intrusion or attack. Detection and prevention can be deployed separately or together; both matter because network security needs visibility into what is happening and the ability to respond to it. Over time, intrusion detection systems (IDS) and intrusion prevention systems (IPS) have converged into combined intrusion detection and prevention systems (IDPS).

IDS

An intrusion detection system monitors network traffic (or, for a host-based IDS, the activity on a single machine), logs what it sees, and raises an alert when it recognizes an attack or unusual behavior. It watches for traffic patterns characteristic of known threats, such as worm propagation or malware command-and-control traffic, and notifies administrators or the security team. An IDS can also be given a baseline of what normal behavior looks like on each network segment; its anomaly detection flags activity that departs from that baseline, for example a host suddenly connecting to many new ports or a server initiating outbound connections it has never made before.

Signature-based detection compares traffic against patterns of known attacks, called intrusion signatures, which are written from previously observed intrusions. A network IDS inspects packets directly, usually from a mirror (SPAN) port or a network tap, while a host IDS reads system and application logs on the machine it protects. The weakness of signature matching is that it only recognizes attacks that have already been seen and written up as signatures: a new exploit, or an obfuscated variant that no longer matches an existing signature, passes undetected unless anomaly detection catches it.

IDS products range from free open-source software to commercial appliances and cloud-delivered sensors; the same detection engine is often offered as installable software, a virtual machine image, or a dedicated hardware appliance.

IPS

An intrusion prevention system sits inline in the traffic path, inspects each packet or request, and allows or blocks it according to its rules. That makes an IPS more proactive than an IDS, which sees only a copy of the traffic and can alert after the fact but cannot stop anything. Being inline also means the IPS adds latency and becomes a point of failure, so deployments have to decide whether the device fails open (passing traffic uninspected) or fails closed (dropping it) when it is overloaded or crashes. The other cost is alert volume: a poorly tuned system raises an alert for every unusual event, benign or not, and the resulting alert fatigue makes it nearly impossible for staff to find the real attacks in the noise.

Intrusion prevention systems are prone to false positives and false negatives. A false positive blocks legitimate traffic that merely looks suspicious, which in an inline device means an outage for the affected users; a false negative lets malicious traffic through. Machine learning can improve accuracy if the model learns the network's normal patterns well enough to separate real problems from ordinary variation, and automation can reduce the triage burden. In practice, security teams still tune rules continuously: disabling or narrowing signatures that fire on known-benign activity such as an internal vulnerability scanner, adjusting thresholds, and running new rules in alert-only mode before allowing them to block.
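The following is an added example, not code from the original article, that shows the two detection methods described above (signature matching and anomaly detection) and the IDS versus IPS decision (alert versus block), together with the tuning step that removes a false positive. The log format, the two signatures, the port-scan threshold and all addresses are assumptions constructed for the demo; real sensors inspect packets or native log formats rather than this simplified text. The last record carries an obfuscated payload that the SQL-injection signature misses, which is the false-negative case from the paragraph above.

```python
"""Toy signature + anomaly IDS/IPS over constructed connection records.

Added illustration; not code from the original article or from any product.
Record layout, signatures, threshold and addresses are hypothetical.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample records (not real traffic).
# Fields: ts src dst dport proto request
SAMPLE_LOG = """\
1 10.0.0.5 10.0.0.20 80 tcp GET /index.html
2 10.0.0.5 10.0.0.20 80 tcp GET /login?user=alice
3 198.51.100.7 10.0.0.20 80 tcp GET /cgi-bin/status?cmd=;/bin/sh
4 203.0.113.9 10.0.0.20 22 tcp -
5 203.0.113.9 10.0.0.20 23 tcp -
6 203.0.113.9 10.0.0.20 25 tcp -
7 203.0.113.9 10.0.0.20 80 tcp -
8 203.0.113.9 10.0.0.20 443 tcp -
9 203.0.113.9 10.0.0.20 445 tcp -
10 10.0.0.99 10.0.0.20 22 tcp -
11 10.0.0.99 10.0.0.20 80 tcp -
12 10.0.0.99 10.0.0.20 443 tcp -
13 10.0.0.99 10.0.0.20 8080 tcp -
14 10.0.0.99 10.0.0.20 8443 tcp -
15 10.0.0.99 10.0.0.20 3306 tcp -
16 10.0.0.5 10.0.0.20 80 tcp GET /search?q=union select password
17 10.0.0.5 10.0.0.20 80 tcp GET /search?q=UNION/**/SELECT password
"""

# Signature rules: patterns of known attacks (simplified, hypothetical).
SIGNATURES = [
    ("cgi-shell-injection", re.compile(r"/cgi-bin/.*[;|`].*/bin/sh")),
    # Matches "union select" but not the comment-obfuscated "UNION/**/SELECT":
    # a deliberate gap to show a false negative.
    ("sqli-union-select", re.compile(r"union\s+select", re.IGNORECASE)),
]

PORT_SCAN_THRESHOLD = 5  # distinct destination ports from one source before alerting


@dataclass
class Record:
    ts: int
    src: str
    dst: str
    dport: int
    proto: str
    request: str


def parse_line(line):
    """Parse one constructed log line; the request field may contain spaces."""
    ts, src, dst, dport, proto, request = line.split(" ", 5)
    return Record(int(ts), src, dst, int(dport), proto, request)


def signature_matches(rec):
    """Signature detection: names of all rules whose pattern appears in the request."""
    return [name for name, rx in SIGNATURES if rx.search(rec.request)]


class PortScanDetector:
    """Anomaly rule: one source touching many distinct ports on one destination."""

    def __init__(self, threshold=PORT_SCAN_THRESHOLD):
        self.threshold = threshold
        self.ports = defaultdict(set)  # (src, dst) -> distinct dports seen
        self.alerted = set()           # pairs already reported, to avoid repeats

    def observe(self, rec):
        key = (rec.src, rec.dst)
        self.ports[key].add(rec.dport)
        if len(self.ports[key]) >= self.threshold and key not in self.alerted:
            self.alerted.add(key)
            return "port-scan"
        return None


def run(log_text, mode="ids", allowlist=frozenset()):
    """Evaluate every record and return a list of verdict dicts.

    mode="ids" only alerts (out-of-band sensor); mode="ips" blocks the matching
    record (inline device). allowlist holds sources whose hits are suppressed,
    which is the rule-tuning step that removes a known false positive.
    """
    detector = PortScanDetector()
    verdicts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        hits = signature_matches(rec)
        scan = detector.observe(rec)
        if scan:
            hits.append(scan)
        for rule in hits:
            if rec.src in allowlist:
                action = "suppressed"
            elif mode == "ips":
                action = "block"
            else:
                action = "alert"
            verdicts.append({"ts": rec.ts, "src": rec.src, "rule": rule, "action": action})
    return verdicts


if __name__ == "__main__":
    # Untuned IDS run: the internal scanner 10.0.0.99 shows up as a port scan.
    for v in run(SAMPLE_LOG):
        print("ids ", v)
    # Tuned IPS run: same rules, scanner allowlisted, real hits blocked.
    for v in run(SAMPLE_LOG, mode="ips", allowlist={"10.0.0.99"}):
        print("ips ", v)
```

Run untuned, the anomaly rule fires for both the external scanner (203.0.113.9) and the internal one (10.0.0.99); the second is the false positive that the allowlist removes in the tuned run. Record 17 never produces a verdict in either run, because its payload no longer matches the signature: that is the false negative, and the reason signature sets need updating and anomaly rules alongside them. Note that "block" is only meaningful for a sensor that actually sits inline; a sensor fed from a SPAN port can return the same verdict but cannot enforce it.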

Intrusion prevention systems can be network-based or host-based. A network-based IPS (NIPS) sits inline at a chokepoint, typically next to or integrated with the firewall, and inspects the traffic crossing that boundary. A host-based IPS (HIPS) runs as an agent on the endpoint or server itself, where it can see decrypted traffic, process activity, and file changes that a network sensor cannot.

Using both intrusion detection and prevention systems (IDPS)

As noted above, detection and prevention are often bundled together, though they can be implemented as separate solutions. They are more effective together. Detecting abnormal activity in an application's log file does little good if nothing can act on it to track and stop the intruder, and a prevention system without broad monitoring of network traffic will miss malicious activity it is not positioned to see. IDPS is not a complete answer to network security, but if you are planning to deploy one of the two, it is best to deploy both detection and prevention.


Jenna Phipps
Jenna Phipps is a writer for Webopedia.com, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.
