IPS: Next generation IDS

An IPS offers the ability to identify an intrusion, its relevance, impact and direction, perform the proper analysis of the event, and then pass the appropriate information and commands to the firewalls, switches and other network devices to mitigate the event's risk.
The key technical components of an IPS include the marriage of global and local host controls, IDS, global and local security policy, risk management software, and globally accessible consoles for managing the IPS.

An IPS is the next security layer to be introduced: it combines the protection of a firewall with the monitoring ability of an IDS to protect our network, together with the analysis necessary to make the proper decision on the fly.

IDS started the overall protection by first protecting the host (HIDS), then the network (NIDS). First- and second-generation IDS currently protect our networks by identifying threats. An IDS provides real-time alerts and reports, but it cannot provide the necessary intelligence to notify all the network components downstream and upstream from the point of identification. This is where the IPS becomes part of the overall layered approach to security: the IPS gathers all network information, makes a determination of the threat, then notifies all other devices of those findings. Upstream providers can notify their downstream customers of possible attacks before or during the events, as the malicious attempts arrive, and vice versa.
Although an IPS is actually the next-generation IDS, there will always be a need to keep these separate technologies. Security devices must remain separate to allow depth in overall protection; thus, the firewall will need an IDS and the network will need an IPS. Each technology is bound to the other with dependencies that will not disappear.

An IPS has all the features of a good IDS, but can also stop malicious traffic from invading the enterprise. Unlike an IDS, an IPS sits inline with the traffic flow on a network, actively shutting down attempted attacks as they are sent over the wire. It can stop an attack by terminating the network connection or user session originating the attack, by blocking access to the target from the user account, IP address or other attributes associated with that attacker, or by blocking all access to the targeted host, service, or application.
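To make the inline behaviour concrete, here is an added example (not code from the original post) of a toy IPS decision engine: each rule pairs a detection test with one of the three responses described above, earlier decisions are enforced before new inspection, and every finding is handed to a notify callback standing in for the firewalls and switches the IPS informs. The rule names, addresses and flows are constructed for the demo.

```python
from typing import Callable, Dict, List, NamedTuple, Tuple

class Flow(NamedTuple):     # one inspected flow; all sample values below are constructed
    src_ip: str
    dst_ip: str
    dst_port: int
    session_id: str
    payload: bytes
# (name, detection test, IPS response) - the three blocking options the post lists
Rule = Tuple[str, Callable[[Flow], bool], str]
RULES: List[Rule] = [
    ("http-path-traversal", lambda f: f.dst_port == 80 and b"../" in f.payload, "block_source"),
    ("telnet-forbidden", lambda f: f.dst_port == 23, "block_target_service"),
    ("oversized-tls-record", lambda f: f.dst_port == 443 and len(f.payload) > 1024, "terminate_session"),
]
class InlineIPS:
    def __init__(self, rules: List[Rule], notify: Callable[[Dict], None]):
        self.rules, self.notify = rules, notify   # notify: hands findings to other devices
        self.blocked_sources, self.blocked_services, self.dead_sessions = set(), set(), set()
    def inspect(self, f: Flow) -> str:
        # Earlier decisions are enforced before any new signature matching.
        if (f.src_ip in self.blocked_sources or f.session_id in self.dead_sessions
                or (f.dst_ip, f.dst_port) in self.blocked_services):
            return "drop"
        for name, match, action in self.rules:
            if match(f):
                self._respond(name, action, f)
                return "drop"
        return "forward"
    def _respond(self, name: str, action: str, f: Flow) -> None:
        if action == "terminate_session":
            self.dead_sessions.add(f.session_id)
        elif action == "block_source":
            self.blocked_sources.add(f.src_ip)
        else:                                     # block_target_service
            self.blocked_services.add((f.dst_ip, f.dst_port))
        # Forward the finding so firewalls/switches up- and downstream can act on it too.
        self.notify({"rule": name, "action": action, "src": f.src_ip, "dst": f"{f.dst_ip}:{f.dst_port}"})
def run_demo() -> Tuple[List[str], List[Dict]]:
    sent: List[Dict] = []                         # findings the IPS passed to other devices
    ips = InlineIPS(RULES, sent.append)
    flows = [Flow("10.0.0.5", "192.0.2.10", 80, "s1", b"GET /index.html"),
             Flow("10.0.0.5", "192.0.2.10", 80, "s2", b"GET /../../etc/passwd"),
             Flow("10.0.0.5", "192.0.2.10", 80, "s3", b"GET /index.html"),   # source now blocked
             Flow("10.0.0.7", "192.0.2.10", 23, "s4", b"login"),
             Flow("10.0.0.9", "192.0.2.10", 443, "s6", b"A" * 2000),
             Flow("10.0.0.9", "192.0.2.10", 443, "s6", b"A" * 10),           # session terminated
             Flow("10.0.0.9", "192.0.2.10", 443, "s7", b"hello")]            # new session still OK
    return [ips.inspect(f) for f in flows], sent
```

Note that only the flows that newly match a rule produce a notification; flows dropped by an earlier decision are silently enforced, which is the difference between the IDS alert stream and the IPS enforcement state.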
