The Ins and Outs of IDS/IPS

There are critical differences between IDS and IPS that can greatly impact your network security strategy. Intrusion Detection Systems (IDS) monitor network traffic and report on anomalous traffic that could be potentially malicious. Intrusion Prevention Systems (IPS) monitor network traffic and actively, immediately block malicious traffic. It is important that the right system be deployed for the job at hand. It is also important that the connection method be compatible with the job at hand.

Intrusion Detection Systems

IDS monitors network traffic. Monitor being a key word here. A copy of network traffic is sent to the monitoring tool and analyzed. The analysis is a comparison of monitored traffic to known malicious threats. These threats can be pre-programmed security policy items or known malicious software used to gain access to servers or other network equipment. A few timely examples might be ransomware attacks or phishing emails that attempt to bait employees to click links that will embed malicious software.