Intrusion Detection & Prevention (IDPS)

Intrusion detection and prevention systems observe all activity within a network, keep records of that activity, and look for intrusions and attacks. Intrusion detection and prevention solutions can be implemented separately or together, though having both of them is often more beneficial because both detection and response are important for network security. Over time, intrusion detection systems (IDS) and intrusion prevention systems (IPS) have merged to become intrusion detection and prevention systems (IDPS).

IDS

Intrusion detection systems monitor network traffic and record all activity in system logs, which can be studied for patterns. An intrusion detection system is known for its ability to study network activity and then detect unusual behavior. It observes the network for different traffic patterns, including those characteristic of worms or viruses, and alerts IT teams or administrators to suspicious activity or attacks. IDS can be programmed to expect certain normal network behavior and what typically occurs within segments of the network; its anomaly detection feature flags uncharacteristic actions that don’t line up with the programming.

IDS sees what an intrusion looks like and uses previous records, called intrusion signatures, to see if a new pattern might also be an intrusion. IDS accesses this data through log files that the network keeps. But this is an intrusion detection system’s weakness, too: it is limited to observing intrusions that have already happened.

IDS software has different levels and prices; it can also be installed as hardware in a computer system.

IPS

Intrusion prevention systems analyze network traffic, filter requests, and allow or block requests accordingly. IPS is more proactive than IDS because it can respond to behavior. It can be overwhelming for IT teams, though, because any strange activity, even innocuous, will overload technology staff with alerts. If an IPS isn’t intelligent and can’t interpret network activity well, it will be almost impossible for humans to sort through the barrage of system alerts.

Intrusion prevention systems can be prone to false positives and negatives: a false positive blocks a legitimate packet that just seems suspicious, and a false negative misses malicious traffic. Machine learning implemented in intrusion prevention can help the system become more accurate if the technology learns network patterns better and detects true problems more accurately. More advanced automation can decrease the number of false positives and negatives. Security teams usually need to refine rules to avoid triggering false or insignificant alerts.
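The signature matching and anomaly detection described under IDS, and the false positives and negatives described above, can be seen together in a small detector. This is an added example, not code from any IDPS product: the log entries, signature patterns, addresses and the request-rate baseline are all constructed assumptions.

```python
import re
from collections import Counter

# Known-bad patterns ("intrusion signatures"); constructed for illustration.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "cmd-exe-probe": re.compile(r"cmd\.exe", re.I),
}
# Assumed baseline: a source normally sends at most this many requests per window.
BASELINE_MAX_REQUESTS = 3

# Constructed log for one time window: (source, request, truly_malicious).
LOG = [
    ("10.0.0.5", "GET /index.html", False),
    ("10.0.0.5", "GET /about.html", False),
    ("10.0.0.9", "GET /../../etc/passwd", True),    # matches a signature
    ("10.0.0.7", "GET /scripts/cmd.exe", True),     # matches a signature
    ("10.0.0.6", "POST /api/export?id=7", True),    # novel: no signature, low rate
] + [("10.0.0.8", "GET /health", False)] * 4        # noisy but legitimate monitor

def detect(log, max_requests=BASELINE_MAX_REQUESTS):
    """Return {log index: reason} for every entry that raises an alert."""
    alerts = {}
    counts = Counter(src for src, _, _ in log)
    for i, (src, request, _) in enumerate(log):
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts[i] = f"signature:{name}"
                break
        else:
            # No signature matched: fall back to the anomaly (rate) check.
            if counts[src] > max_requests:
                alerts[i] = "anomaly:request-rate"
    return alerts

def score(log, alerts):
    """Compare alerts with ground truth; return (false_positives, false_negatives)."""
    fp = [i for i, (_, _, bad) in enumerate(log) if i in alerts and not bad]
    fn = [i for i, (_, _, bad) in enumerate(log) if i not in alerts and bad]
    return fp, fn

if __name__ == "__main__":
    for limit in (BASELINE_MAX_REQUESTS, 5):
        fp, fn = score(LOG, detect(LOG, max_requests=limit))
        print(f"baseline={limit}: false positives={fp}, false negatives={fn}")
```

Raising the baseline removes the false positives from the monitoring host, but the novel request is still missed because no signature or rate rule describes it.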

Intrusion prevention services can be either network-based or host-based. Network-based IPS sit near the firewall and monitor network traffic. Host-based IPS are closer to a computer or other endpoint (near the host).

Using both intrusion detection and prevention systems (IDPS)

As previously mentioned, intrusion detection and prevention are often lumped together automatically, though they can be implemented as separate solutions. They’re more effective together, however. Detecting possible abnormal activity within an application’s log file does little good if the system cannot take actions to track and quell an intruder. And without software to monitor all the network traffic, prevention systems won’t be able to locate malicious activity as effectively. Though IDPS is not the perfect solution to all network security, it’s best to deploy both detection and prevention if you are planning to use one of them.

Jenna Phipps
Jenna Phipps is a writer for Webopedia.com, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.
