What is an Intrusion Prevention System (IPS)?

Posted on 30 May 2018

An Intrusion Prevention System is a proactive approach to network security, used to identify potential threats and respond quickly to attacks. The search for such tools and strategies has gained considerable relevance, since the number of threats to information security, which now reach all sectors of the economy, has risen to alarming levels in recent years.

In times of data leaks, such as the constant leaks at e-commerce companies and the impact on the retail sector, which suffers an average of 4,000 threats to information security each year according to the Global State of Information Security Survey published by PwC in 2017, prevention becomes a strategic priority.

Intrusion Detection (IDS) and Intrusion Prevention (IPS): together we are stronger

With the level of attacks that we see today, ransomware cases being one example, we cannot think in terms of IDS vs. IPS. Despite the differences in concept and applicability, both have the same objective: the security of information.

At a simple level, the difference is between detection and prevention. While IDS products are designed to inform you that something is trying to get into your system, IPS products attempt to prevent that access.

IDS and IPS are designed for different purposes, but their technologies are similar. An IDS is justified in situations where it is necessary to explain what happened in an attack, while an IPS stops attacks. In short, an IDS collects information that is not a priority from the perspective of the IPS, such as port scans and other reconnaissance.

The efficiency of the Intrusion Prevention System - IPS

An intrusion prevention system monitors network traffic and, given the nature and speed of attacks, has the ability to take immediate action at the point of intrusion, based on a set of rules established by the network administrator.

An efficiently used Intrusion Prevention System can, for example, drop a packet that it considers malicious and block all traffic from that IP address or port. Traffic that is considered legitimate or safe is forwarded to the recipient without apparent interruption or delay in service.

The detection mechanisms monitor and analyze traffic patterns as well as individual packets, including address matching, HTTP string and substring matching, TCP connection analysis, packet anomaly detection, and traffic anomaly detection in TCP/UDP port communication.
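The rule-driven behaviour described above, as an added sketch that is not taken from any IPS product: the `Rule` format, the `Engine` class and the sample traffic are constructed for this illustration. It applies address, port and HTTP substring matching to packets, and the `prevent` flag contrasts IDS (alert only) with IPS (drop and block).

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes = b""

@dataclass(frozen=True)
class Rule:  # administrator-defined rule (hypothetical format)
    name: str
    src_net: str = "0.0.0.0/0"   # address matching
    dst_port: int = 0            # 0 matches any port
    substring: bytes = b""       # HTTP string/substring matching
    block_source: bool = False   # also block later traffic from the source
    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and self.dst_port in (0, p.dst_port)
                and self.substring.lower() in p.payload.lower())

@dataclass
class Engine:
    rules: list
    prevent: bool = True         # True = IPS (inline), False = IDS (alert only)
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)
    def handle(self, p: Packet) -> str:
        if self.prevent and p.src in self.blocked:
            return "drop"        # source was blocked by an earlier match
        for r in self.rules:
            if r.matches(p):
                self.alerts.append((r.name, p.src))
                if not self.prevent:
                    return "forward"  # an IDS reports but does not intervene
                if r.block_source:
                    self.blocked.add(p.src)
                return "drop"
        return "forward"         # legitimate traffic passes unchanged

# Constructed rules and traffic, using documentation address ranges.
RULES = [Rule("sensitive-file-in-uri", dst_port=80, substring=b"/etc/passwd", block_source=True),
         Rule("deny-listed-network", src_net="198.51.100.0/24")]
TRAFFIC = [Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
           Packet("203.0.113.7", 80, b"GET /../../etc/passwd HTTP/1.1"),
           Packet("203.0.113.7", 443), Packet("198.51.100.20", 22)]

def run(prevent: bool):
    engine = Engine(RULES, prevent)
    return [engine.handle(p) for p in TRAFFIC], engine
```

Calling `run(True)` returns the per-packet decisions in IPS mode, and `run(False)` shows the same traffic raising the same alerts while every packet is forwarded.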

Benefits of Intrusion Prevention System for companies

Most organizations today can benefit from intrusion prevention systems, since hardware, software and network technologies are part of the computing infrastructure of most companies, regardless of their type or sector.

IPS technology offers many benefits for organizations. Let's look at three of the most significant:

  • Detects and stops attacks that other security controls do not
  • Supports customization of detection capabilities to stop activities that are of interest only to a single organization
  • Reduces the amount of network traffic that reaches other security controls, which reduces the workload for these controls and protects them against direct attacks

The most important benefit provided by an Intrusion Prevention System is undoubtedly the ability to detect and stop a variety of attacks that cannot be automatically identified by firewalls, antivirus and the company's other security controls.

IPS technology uses a combination of several methods to detect attacks. Each method has its own characteristics, so by drawing on the strongest features of each method, an IPS can detect a wide variety of attacks.

Intrusion prevention systems are critical for most organizations in order to detect and stop network-based attacks, especially those that cannot be detected by the company's other security controls.

Information security has now become a mandatory requirement to ensure not only the continuity of the business, but also respect for the privacy and integrity of customers and suppliers.

Learn more about preventing attacks with the Aker UTM solution
