Threat management continues to be a top priority in the world of business. IT professionals need to fully understand the functionality of intrusion defense tools in order to make good purchasing decisions.
Intrusion Detection System (IDS) – a device or application that analyzes whole packets, both header and payload, looking for known events. When a known event is detected, a log message is generated detailing the event. A Protocol Analyzer is a tool that a network engineer uses to look deeply into the network and see what is happening from a security point of view.
Intrusion Prevention System (IPS) – a device or application that analyzes whole packets, both header and payload, looking for known events. When a known event is detected, the packet is rejected. This is also known as a control tool.
For many organizations, one of the most difficult tasks when it comes to Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) is simply understanding at what point you will need them and what their functions will be. With all the options on the market, such as firewalls, Unified Threat Management (UTM), IDS and IPS, it's daunting to choose which is best for your company's needs.
The functional difference between an IDS and an IPS is a fairly subtle one and is often nothing more than a configuration setting change. The main reason to have an IPS is to block known attacks across the network. When there is a window of time following an exploit announcement and you have the time to patch your systems, an IPS is an excellent tool to quickly block known attacks, especially those using common or well-known exploit tools.
Increased visibility into the security posture of the network is what characterizes an IDS. This visibility differentiates the detection function of an IDS from the control function of an IPS.
An IDS will detect true intrusions. An IPS will block true intrusions. These products do so much more in conjunction with each other. They provide greater control and greater visibility.
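The detect-versus-block distinction described above can be seen in a small signature engine. This is an added example, not code from any product or from the original page; the signatures, addresses and packets are constructed for illustration, and the `mode` flag stands in for the "configuration setting change" between IDS and IPS behaviour.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sid: int          # hypothetical rule id
    name: str
    dst_port: int     # header condition
    pattern: bytes    # payload condition

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Constructed "known events": each needs a header AND a payload match.
SIGNATURES = [
    Signature(1001, "path traversal in HTTP request", 80, b"../../"),
    Signature(1002, "cleartext telnet root login", 23, b"login: root"),
]

# Constructed traffic (documentation address ranges).
SAMPLE_TRAFFIC = [
    Packet("203.0.113.7", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("203.0.113.9", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("198.51.100.4", 443, b"../../ seen on a port no rule covers"),
    Packet("198.51.100.5", 23, b"login: root\r\n"),
]

def match(pkt):
    """Return the first signature whose header and payload conditions both hit."""
    return next((s for s in SIGNATURES
                 if s.dst_port == pkt.dst_port and s.pattern in pkt.payload), None)

def inspect(packets, mode):
    """mode='ids': log the event and forward. mode='ips': log and reject."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    forwarded, log = [], []
    for pkt in packets:
        sig = match(pkt)
        if sig is not None:
            action = "DROP" if mode == "ips" else "ALERT"
            log.append(f"{action} sid={sig.sid} src={pkt.src} "
                       f"dport={pkt.dst_port} msg={sig.name}")
            if mode == "ips":
                continue  # the only behavioural difference: packet is rejected
        forwarded.append(pkt)
    return forwarded, log

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        fwd, log = inspect(SAMPLE_TRAFFIC, mode)
        print(mode, "forwarded:", len(fwd), *log, sep="\n  ")
```

Both modes produce the same two log entries; only the IPS mode removes the matching packets from the forwarded traffic, which is why the management console matters for an IDS and the detection engine's accuracy and speed matter for an IPS.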
The question that remains for your company is: IDS, IPS or both? Remember to focus on your primary requirement. If you prefer greater visibility, buy an IDS. If you are searching for good network forensics and analysis capabilities, the most important part of your company's picture is the IDS management console. Without an effective way of digesting or extracting information from the IDS management console, you won't immediately see the results from the IDS. That's why greater knowledge of network forensics or security will be your key to analyzing the packets with anomalies that have been detected. If you want greater control, buy an IPS. The most important part of the picture is the IPS detection engine. It is important to be sure that the IPS you purchase has the ability to quickly detect and block attacks at very high speeds, without degrading network performance, throughput or latency.
If your company has need of an IDS and IPS, or would like more definitive guidance and assessment from an IT Security professional, Aavex Technology Corporation is here to help. Please call us now, at 630-365-0025. We look forward to talking about it with you.