Intrusion Detection & Prevention (IDPS) Definition & Meaning

Intrusion detection and prevention systems observe all activity within a network, keep records of that activity, and look for intrusions and attacks. Intrusion detection and prevention solutions can be implemented separately or together, though having both of them is often more beneficial because both detection and response are important for network security. Over time, intrusion detection systems (IDS) and intrusion prevention systems (IPS) have merged to become intrusion detection and prevention systems (IDPS).

IDS

Intrusion detection systems monitor network traffic and record all activity in system logs, which can be studied for patterns. An intrusion detection system is known for its ability to study network activity and then detect unusual behavior. It observes the network for different traffic patterns, including those characteristic of worms or viruses, and alerts IT teams or administrators to suspicious activity or attacks. IDS can be programmed to expect certain normal network behavior and what typically occurs within segments of the network; its anomaly detection feature flags uncharacteristic actions that don’t line up with the programming.

IDS learns what an intrusion looks like and uses previous records, called intrusion signatures, to judge whether a new pattern might also be an intrusion. IDS accesses this data through the log files that the network keeps. But this is also an intrusion detection system’s weakness: it is limited to recognizing intrusions that have already happened.

IDS software is available at different tiers and prices; it can also be deployed as hardware within a computer system.

IPS

Intrusion prevention systems analyze network traffic, filter requests, and allow or block requests accordingly. IPS is more proactive than IDS because it can respond to behavior. It can be overwhelming for IT teams, though, because any strange activity, even innocuous activity, will flood technology staff with alerts. If an IPS isn’t intelligent and can’t interpret network activity well, it will be almost impossible for humans to sort through the barrage of system alerts.

Intrusion prevention systems can be prone to false positives and negatives: a false positive blocks a legitimate packet that merely seems suspicious, and a false negative misses malicious traffic. Machine learning implemented in intrusion prevention can help the system become more accurate if the technology learns network patterns better and detects true problems more reliably. More advanced automation can decrease the number of false positives and negatives. Security teams usually need to refine rules to avoid triggering false or insignificant alerts.
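To make the IDS section and the false-positive discussion concrete, here is an added example (not code from the page or from any product): a minimal log-based detector that combines signature matching against recorded intrusion patterns with anomaly detection against a learned baseline, then scores its alerts against known ground truth. The log format, the signature rule and the source addresses are all constructed for illustration.

```python
import re
from collections import Counter
# Constructed web-server access log lines (not from the page); fields: timestamp src method path status
NORMAL_LOG = [                       # a window of known-good traffic used as the baseline
    "10:00:01 10.0.1.5 GET /index.html 200",
    "10:00:05 10.0.1.6 GET /about.html 200",
    "10:00:09 10.0.1.5 GET /images/logo.png 200",
    "10:00:12 10.0.1.7 POST /login 302",
]
LIVE_LOG = [                         # traffic to inspect
    "10:05:01 10.0.1.5 GET /index.html 200",
    "10:05:02 10.0.1.9 GET /../../private/config 404",  # matches a recorded intrusion signature
    "10:05:03 10.0.1.9 GET /a 404",
    "10:05:03 10.0.1.9 GET /b 404",                      # third request in a minute: above baseline
    "10:05:08 10.0.1.8 TRACE /index.html 405",           # legitimate monitor, but method never seen
    "10:05:10 10.0.1.7 GET /about.html 200",
]
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")
# Intrusion signatures: patterns kept from earlier intrusions (hypothetical rule set).
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}

def parse(line):
    m = LINE_RE.match(line)
    return None if m is None else dict(zip(("ts", "src", "method", "path", "status"), m.groups()))

def build_baseline(lines):
    """Learn normal behaviour: HTTP methods seen and the peak requests per source per minute."""
    per_minute, methods = Counter(), set()
    for rec in filter(None, map(parse, lines)):
        methods.add(rec["method"])
        per_minute[(rec["src"], rec["ts"][:5])] += 1
    return {"methods": methods, "max_rate": max(per_minute.values(), default=0)}

def detect(lines, baseline):
    """Return (rule, src) alerts from signature matching plus two anomaly checks."""
    alerts, per_minute = [], Counter()
    for rec in filter(None, map(parse, lines)):
        for name, pat in SIGNATURES.items():              # signature-based detection
            if pat.search(rec["path"]):
                alerts.append((name, rec["src"]))
        if rec["method"] not in baseline["methods"]:      # anomaly: method unseen in baseline
            alerts.append(("unknown-method", rec["src"]))
        key = (rec["src"], rec["ts"][:5])
        per_minute[key] += 1
        if per_minute[key] == baseline["max_rate"] + 1:   # anomaly: rate above the normal peak
            alerts.append(("rate-anomaly", rec["src"]))
    return alerts

def evaluate(alerts, known_bad):
    """Compare alerted sources with ground truth to surface false positives and negatives."""
    flagged = {src for _, src in alerts}
    return {"false_positives": sorted(flagged - known_bad), "false_negatives": sorted(known_bad - flagged)}
```

Running `evaluate(detect(LIVE_LOG, build_baseline(NORMAL_LOG)), {"10.0.1.9"})` reports the monitoring host 10.0.1.8 as a false positive, which is exactly the kind of alert a team tunes rules to suppress.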

Intrusion prevention systems can be either network-based or host-based. Network-based IPS sit near the firewall and monitor network traffic. Host-based IPS run on or close to a computer or other endpoint (near the host).

Using both intrusion detection and prevention systems (IDPS)

As previously mentioned, intrusion detection and prevention are often lumped together automatically, though they can be implemented as separate solutions. They’re more effective together, however. Detecting possible abnormal activity within an application’s log file does little good if the system cannot take actions to track and quell an intruder. And without software to monitor all the network traffic, prevention systems won’t be able to locate malicious activity as effectively. Though IDPS is not the perfect solution to all network security, it’s best to deploy both detection and prevention if you are planning to use one of them.

Jenna Phipps
Jenna Phipps is a contributor for websites such as Webopedia.com and Enterprise Storage Forum. She writes about information technology security, networking, and data storage. Jenna lives in Nashville, TN.
