What is (an) Intrusion Prevention System?
#1
Quote:
How to Build up a Cost-Effective Intrusion Prevention System Framework

An Intrusion Prevention System may very well be the next milestone in proactive network security. The reasoning behind the statement is not hard to grasp – a June 2020 study, focused on the Asia-Pacific markets, found a 25,07% CAGR (compound annual growth rate) of network traffic analytics. The growth is directly proportional to the acclivity in network traffic malware (e.g. Denial of Service, DNS hijacking, DNS poisoning, etc.).

This forecast was computed over a 10-year timeframe and will, undoubtedly, change, as new ‘players’ step up to the plate; and they’re not far behind. Netwalker, the latest in RaaS (Ransomware-as-a-Service), has already started to assert itself – this can only spell disaster for the corporate sector. This ominous ‘net stomper’ has racked up over $25 million (and still counting).

Is Intrusion Prevention System the golden ticket to a RaaS-free online environment? I’m somewhat reluctant to abide by this statement; game-changer is a better word to describe the wondrous, new Intrusion Prevention System – actually, not a novelty, still a better choice than leaving your network unguarded. Now, ad-libs aside, let’s talk about IPS.

Deconstructing (an) Intrusion Prevention System

Fact: there are no IPS without IDS (Intrusion Detection System). IDS is IPS’s yang, as IPS is IDS’ yin. Poetics aside, IDS is a device or even a piece of software that actively monitors a system or network for signs of policy violations or – relevant to this article – malicious activity. The data collected by an IDS can be fed to a SIEM (Security Information and Event Management System).

SIEMs are the proverbial steam engine of the entire network security effort – info gathered at SIEM level can be used to create actionable reports, reinforce network security, identify (security) gaps, minimize damage, and, if applicable, determine the best course of action to root out malware that may have ‘burrowed’ into your endpoints. IPSs are sometimes confused with firewalls since both have something to do with network security. Of course, it goes without saying that the two of them are different, the major distinction between the two being the IPS’ ability to detect both outside and inside threats.

Anyway, on the topic of IDSs, they can be classified according to the detection methods. I’m just going to lay them out here, as they are:
  • NIDS (Network Intrusion Detection Systems) – ‘sniffers’ placed at key points to monitor the incoming and outgoing network traffic. NIDS can operate in online and offline mode (inline vs. tap). On a tech level, NIDS inspects Ethernet packets. If any of them exhibit anomalous activity, it is capable of enforcing rules. Neural networks are often employed to enhance NIDS detection capabilities.
  • HIDS (Host Intrusion Prevention Systems) – can monitor devices or hosts on the networks. Such systems are used to analyze outbound and inbound packets from the targeted device. If an anomaly is detected, the administrator will be notified.
  • Signature-based IDS – detection method based on malicious patterns. The terminology (malicious patterns ‘dictionary’ and definitions) originates from antivirus.
  • Anomaly-based IDS – this detection method relies on comparing newly-identified – and possibly malicious – behavioral patterns against a database of ‘normal’ network activity. Tiny fun fact: Gartner has chartered a new type of anomaly-based IDS framework called UEBA (User and Entity Behavior Analytics).
So, we’ve pretty much covered IDS (promise I’ll return with a full-length article on the topic). Let’s now talk about Intrusion Prevention System(s).
...
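To make the signature-based vs. anomaly-based split (and the IDS-alerts vs. IPS-enforces distinction) concrete, here is a small added example in Python; it is not code from the quoted Heimdal article. The flow records, the signature dictionary and the "normal" baseline are all constructed for the demo.

```python
# Toy illustration of the two IDS detection methods described above and of
# how an inline IPS turns alerts into an enforcement decision. Everything
# here (flows, signatures, baseline) is constructed sample data, not real traffic.
from collections import Counter

# Constructed flow records: (src_ip, dst_port, payload_snippet)
FLOWS = [
    ("10.0.0.5", 443, "GET /index.html"),
    ("10.0.0.5", 443, "POST /login"),
    ("10.0.0.9", 53, "A? example.test"),
    ("10.0.0.7", 80, "GET /cgi-bin/../../etc/passwd"),  # matches a signature below
] + [("10.0.0.9", 53, f"A? host{i}.example.test") for i in range(200)]  # DNS burst

# Signature "dictionary": named substring patterns, in the antivirus-definition spirit
SIGNATURES = {"path-traversal": "/../", "sqli-union": " UNION SELECT "}

# Anomaly baseline learned during a "normal" window (constructed value):
# the maximum number of flows a single source produced in that window.
BASELINE_MAX_FLOWS_PER_SRC = 50

def signature_detect(flows):
    """Return (src_ip, signature_name) for each flow whose payload contains a known pattern."""
    hits = []
    for src, _port, payload in flows:
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                hits.append((src, name))
    return hits

def anomaly_detect(flows, baseline_max=BASELINE_MAX_FLOWS_PER_SRC):
    """Return sources whose flow count deviates from the baseline (volume anomaly).
    Nothing about the payload is inspected: only behaviour vs. 'normal' matters."""
    counts = Counter(src for src, _port, _payload in flows)
    return sorted(src for src, n in counts.items() if n > baseline_max)

def ips_decide(flows):
    """An IDS would stop at the alert list; an inline IPS also derives the rule it enforces.
    Returns (alerts, blocked_sources)."""
    alerts = [("signature", src, name) for src, name in signature_detect(flows)]
    alerts += [("anomaly", src, "flow-rate") for src in anomaly_detect(flows)]
    blocked = sorted({src for _kind, src, _detail in alerts})
    return alerts, blocked
```

Note that the anomaly path flags the DNS burst from 10.0.0.9 without any signature for it, while the signature path catches the single traversal attempt that no volume threshold would ever notice; a real deployment needs both.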