By Samantha Agather, Information Security Analyst – Intrinium
The Low Down on Intrusion Prevention and Detection Services
In an ideal world, companies could focus all their time and resources on their products and services. However, our world is far from perfect, and the digital space is just beginning to see the financial and legal consequences of malicious behavior. Security must be built in as a priority rather than an afterthought to ensure business outcomes and objectives are not disrupted. More specifically, layering security tactics (firewall, anti-virus, SIEM, and the list goes on) is just as important to combat malicious actors trying to steal data and penetrate networks.
Think of your physical building security: you do not just have an alarm system on your building; you also have locks on your interior and exterior doors, passwords on your computers, and so on, to ensure your physical business is as secure as possible. Your digital assets require the same approach. Malware and attackers can find loopholes in just a firewall or just antivirus easily enough, which is why layered security is a better approach.
An IPS/IDS is an additional layer of security that analyzes network traffic, or the network traffic of an individual host, for abnormal behavior and then potentially stops the activity. These services can be offered individually, or they can be combined into an IPS/IDS.
IPS/IDS solutions are commonly offered by third parties, like Intrinium. This is a great option to pair with 24x7x365 Security Operations Center monitoring, which will not only add additional security but will help meet compliance requirements as well.
What is the difference between Prevention and Detection?
- Prevention services run in conjunction with Detection services to block potentially malicious traffic detected along a network or within a host. There are multiple methods of detection used, and other classes of services specific to the network type, such as wireless (WIPS), network (NIPS), and host-based (HIPS).
- Detection only analyzes the traffic, using either a signature-based or an anomaly-based approach. Similar to Prevention services, there are different classes of services, most commonly host-based (HIDS) and network-based (NIDS).
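The two detection approaches and the detection/prevention split can be seen side by side in a small sketch. This is an added example, not code from Intrinium or any product; the rule names, baseline figures and sample traffic are constructed, and the three-standard-deviation threshold is an assumption.

```python
import re
from statistics import mean, pstdev

# Constructed signature set (hypothetical rule ids, not from a real ruleset).
SIGNATURES = {
    "SIG-0001 directory traversal": re.compile(rb"\.\./\.\./"),
    "SIG-0002 test marker": re.compile(rb"X-IDS-TEST-MARKER"),
}

# Constructed baseline: requests per minute from a typical host on a normal day.
BASELINE_RPM = [12, 15, 11, 14, 13, 16, 12, 14]

def signature_match(payload):
    """Signature-based detection: return the first rule whose pattern matches."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(payload):
            return name
    return None

def is_anomalous(rpm, baseline=BASELINE_RPM, k=3.0):
    """Anomaly-based detection: rate more than k std devs above the baseline mean."""
    return rpm > mean(baseline) + k * pstdev(baseline)

def inspect(event, mode):
    """Return (action, reason). 'ids' only alerts; 'ips' blocks what it detects."""
    reason = signature_match(event["payload"])
    if reason is None and is_anomalous(event["rpm"]):
        reason = "ANOMALY request rate above baseline"
    if reason is None:
        return ("forward", None)
    return ("block" if mode == "ips" else "alert", reason)

# Constructed sample traffic (documentation-range addresses).
EVENTS = [
    {"src": "192.0.2.10", "rpm": 13, "payload": b"GET /index.html HTTP/1.1"},
    {"src": "192.0.2.11", "rpm": 14, "payload": b"GET /../../etc/passwd HTTP/1.1"},
    {"src": "192.0.2.12", "rpm": 400, "payload": b"GET /login HTTP/1.1"},
]

def run(mode):
    """Inspect every sample event in the given mode."""
    return [inspect(e, mode) for e in EVENTS]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        for event, (action, reason) in zip(EVENTS, run(mode)):
            print(mode, event["src"], action, reason or "")
```

The same detections fire in both modes; only the action differs, which is why the alert stream from an IPS still needs someone to review it for false positives that were blocked.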
What do they do?
Together, they help secure network traffic passing through the appliance. Alerts can be configured so that a resource can analyze them and determine whether the traffic was malicious. Most next-generation firewalls (NGFW) have IPS included already, providing more protection with a simplified architecture. By combining IPS/IDS with experts from a specialized security company, your company can rest assured that the company data will be safe.
What benefit does my company gain?
The company gains peace of mind that its risk of malicious access is minimized and that there are experts running analyses as necessary to ensure that peace of mind. It also gains 24x7x365 monitoring via the experts, should your company want that service.
What kind of Security benefits are there?
At Intrinium, we recommend running an IPS over an IDS, but both provide excellent malicious traffic detection. The IPS blocks traffic that it believes to be malicious, so you have more information should an attack be launched on your external presence. More information is always better when it comes to securing your environment.