Thursday, February 27, 2020

What is an Intrusion Prevention System (IPS)?

At a time of constant data leaks, such as those at e-commerce companies, and of their impact on the retail sector, which suffers an average of 4,000 information security threats each year according to the Global State of Information Security Survey released by PwC in 2017, prevention becomes a strategic priority.

Intrusion detection (IDS) and intrusion prevention (IPS), because together we are stronger

Given the level of attacks we see today (the ransomware cases, for example), we cannot think in terms of IDS versus IPS. Despite the differences in concept and applicability, both have the same objective: information security.

On a simple level, the difference is between detection and prevention. While IDS products are designed to inform you that something is trying to enter your system, IPS products try to prevent access.

IDS and IPS are designed for different purposes, but their technologies are similar. An IDS is justified in situations where it is necessary to explain what happened in an attack, while an IPS stops the attacks. In short, an IDS collects information that is not an IPS priority, such as port scans and other scans.


The efficiency of the Intrusion Prevention System - IPS Security

An intrusion prevention system monitors network traffic and can take immediate action when an intrusion occurs, based on a set of rules established by the network administrator and on the nature and speed of the attack.

Used efficiently, an Intrusion Prevention System can, for example, discard a packet that it considers malicious and block all traffic from that IP address or port. Traffic that is considered legitimate or secure is forwarded to the recipient without any apparent interruption or delay in the service.

The detection mechanisms monitor and analyze traffic patterns as well as individual packets, including address matching, HTTP string and substring matching, TCP connection analysis, and detection of packet anomalies and of traffic anomalies on TCP/UDP ports.
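The rule-driven behaviour described above, and the IDS/IPS difference from earlier in the post, as an added example that is not from the original post or from any product: the same administrator rule (address, port and HTTP substring matching) is run once in alert-only mode and once inline. The `Rule` and `Sensor` classes, the marker string and the packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    name: str
    src_net: str = "0.0.0.0/0"        # address matching
    dst_port: Optional[int] = None    # TCP/UDP port matching
    http_substring: bytes = b""       # HTTP substring matching

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_port is not None and pkt["dport"] != self.dst_port:
            return False
        return self.http_substring in pkt["payload"]

@dataclass
class Sensor:
    rules: list
    inline: bool                      # True = IPS (may drop), False = IDS (alert only)
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def handle(self, pkt: dict) -> str:
        if self.inline and pkt["src"] in self.blocked:
            return "drop"             # source was blocked by an earlier match
        for rule in self.rules:
            if rule.matches(pkt):
                self.alerts.append((rule.name, pkt["src"]))
                if self.inline:
                    self.blocked.add(pkt["src"])   # block all further traffic from it
                    return "drop"
                break                 # IDS mode: record the alert, let it pass
        return "forward"

# Constructed rule and traffic; the marker stands in for a real signature.
RULES = [Rule("marker-in-http", dst_port=80, http_substring=b"EXAMPLE-MALICIOUS-MARKER")]
PACKETS = [
    {"src": "192.0.2.10", "dport": 80, "payload": b"GET /index.html HTTP/1.1"},
    {"src": "203.0.113.7", "dport": 80, "payload": b"GET /?q=EXAMPLE-MALICIOUS-MARKER HTTP/1.1"},
    {"src": "203.0.113.7", "dport": 80, "payload": b"GET /index.html HTTP/1.1"},
]

def run(inline: bool):
    """Return (verdict per packet, alerts raised) for IDS or IPS mode."""
    sensor = Sensor(RULES, inline)
    return [sensor.handle(p) for p in PACKETS], sensor.alerts
```

In inline mode the third packet is dropped even though its payload is clean, because its source was blocked by the earlier match; in alert-only mode all three packets are forwarded and only the alert remains.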

