Last Updated on January 29, 2020 by Philip Robinson
Trying to understand what network security solutions are available, the differences between them, and how and when they should be used can be overwhelming for most organizations. While there are many options to choose from, a typical suite of tools would include an Intrusion Prevention System (IPS), Data Loss Prevention (DLP) software/hardware, and a sophisticated Data-Centric Audit & Protection (DCAP) solution, which deals with User Behaviour Analytics (UBA).
Additionally, many organizations rely on Security Information and Event Management (SIEM) solutions to aggregate and correlate data from the logs these solutions generate, in order to provide an overview of all events that take place on their network.
So, what are Intrusion Prevention Systems, and how useful are they for protecting your network from cyber-attacks?
Intrusion Prevention VS Intrusion Detection
There is often confusion about the difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). The key difference, as the name suggests, is that IPS solutions are not only able to identify suspicious network traffic but can also automate a response to them. This may include either blocking the network traffic or resetting network connections. Additionally, when an IPS identifies something suspicious, it will send an alert to the administrators, thus prompting them to take action.
For the reasons mentioned above, IPS solutions are sometimes referred to as Intrusion Detection & Prevention Systems (IDPS). There is also some confusion about the difference between an IPS solution and a Firewall. IPS solutions are typically more sophisticated than your average Firewall, although some of the “next generation” Firewalls share many of the same features.
How Intrusion Prevention Works
An IPS uses two different approaches to identify security threats. The first is a signature-based approach, which references a list of previously identified threats and/or uses a service that provides the latest threat intelligence. However, signature-based threat detection is not able to identify new threats for which no signature exists yet.
The second approach uses statistical analysis to establish which network traffic patterns are considered normal, and then fires an alert or initiates a response when an anomalous pattern emerges.
As you would expect, most IPS solutions take advantage of both techniques. Another technique used by IPS solutions relies on a “honeypot”. A honeypot is a type of trap, which is used to trick an attacker into believing that it contains valuable data. Should an attacker access the honeypot, an alert will be triggered, informing the administrators.
Most IPS solutions are network-based (NIPS) and sit behind an organization’s Firewall. However, there are also host-based IPS solutions (HIPS) and wireless IPS solutions (WIPS). A HIPS solution is installed on the endpoints, and a WIPS solution is used to monitor and detect wireless network anomalies, unauthorized access and radio frequency attacks.
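To make the two detection approaches concrete, here is a small added example (not code from the original post or from any IPS product) that inspects constructed flow records with both a signature list and a statistical baseline, then chooses a response per flow. The signature patterns, the baseline byte counts and the live flows are all constructed for illustration, and the 3-sigma threshold is an assumed tuning value.

```python
import re
import statistics

# Signature approach: constructed patterns standing in for a vendor threat feed.
SIGNATURES = {
    "sqli-union-select": re.compile(r"(?i)\bunion\b\s+\bselect\b"),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

# Constructed "known good" traffic from a quiet learning window: bytes per flow.
BASELINE_FLOW_BYTES = [1200, 1400, 1100, 1300, 1250, 1350, 1150, 1450]

# Constructed live flows to inspect (source, destination port, bytes, payload).
LIVE_FLOWS = [
    {"src": "10.0.0.5", "dport": 443, "bytes": 1300, "payload": "GET /index.html"},
    {"src": "10.0.0.9", "dport": 80, "bytes": 1280, "payload": "GET /?id=1 UNION SELECT 1,2"},
    {"src": "10.0.0.7", "dport": 22, "bytes": 9000, "payload": "SSH-2.0-client"},
]

def signature_matches(flow):
    """Return the names of every signature the payload matches (known threats only)."""
    return [name for name, pat in SIGNATURES.items() if pat.search(flow["payload"])]

def build_baseline(byte_counts):
    """Statistical approach: learn what 'normal' bytes-per-flow looks like."""
    return statistics.mean(byte_counts), statistics.stdev(byte_counts)

def z_score(flow, baseline):
    """How many standard deviations this flow sits from the learned baseline."""
    mean, stdev = baseline
    return 0.0 if stdev == 0 else (flow["bytes"] - mean) / stdev

def inspect(flows, baseline, z_threshold=3.0):
    """Combine both approaches and decide a response per flow: block, alert or allow."""
    decisions = []
    for flow in flows:
        sigs = signature_matches(flow)
        z = z_score(flow, baseline)
        if sigs:
            # A signature hit is high confidence: block the traffic and alert.
            decisions.append({"src": flow["src"], "action": "block", "reason": sigs[0]})
        elif abs(z) > z_threshold:
            # An anomaly is only statistical: alert the administrators rather than auto-block.
            decisions.append({"src": flow["src"], "action": "alert", "reason": f"bytes z-score {z:.1f}"})
        else:
            decisions.append({"src": flow["src"], "action": "allow", "reason": "within baseline"})
    return decisions

if __name__ == "__main__":
    for decision in inspect(LIVE_FLOWS, build_baseline(BASELINE_FLOW_BYTES)):
        print(decision)
```

Note that the anomalous SSH flow is never matched by a signature; only the learned baseline catches it, which is why the post says most IPS solutions use both techniques.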
Why IPS Isn’t Enough
There’s no doubt that IPS solutions can play an important role in keeping your network safe; however, such systems only focus on perimeter and endpoint security, specifically relating to inbound network traffic. Given that most security threats are caused by insiders, an IPS solution will need to be used in conjunction with other solutions, such as Data Loss Prevention (DLP) and Data-Centric Audit & Protection (DCAP), in order to establish a strong security posture.
DLP software can be used to block, quarantine and/or raise an alert as unencrypted data leaves the network, while DCAP solutions are required to monitor user behaviour. For example, DCAP solutions can detect, alert, report and respond to changes made to access privileges and sensitive data. They can detect unauthorised mailbox access, anomalous login failures, suspicious user behaviour and much more.
Finally, while SIEM solutions are capable of aggregating and correlating data from multiple sources, they generate a lot of noise and require specialized personnel to set up and maintain, something which must be considered before choosing to implement one.