Everything about ‘IPS/IDS/FIREWALL’

Is IPS unfamiliar to you?

Don’t worry! I am here to help.

IPS stands for “Intrusion Prevention System”. It is a network security control that identifies potential threats or attacks and responds to them promptly. An IPS performs deep packet inspection, looking into packet payloads (not just headers) for patterns and anomalies that may indicate an attack. Because it sits inline, it can act on malicious traffic immediately while forwarding legitimate traffic on to the recipient. In practice the inspection does add some latency, and a badly tuned rule set will block good traffic just as quickly as bad, so an IPS has to be tuned before it is allowed to enforce.

You might be wondering how it works. Well, I have the answer to that as well. An IPS compares the traffic flowing through it against a list of signatures that describe known attacks and exploits. Many of these signatures are tied to publicly disclosed software vulnerabilities catalogued in the CVE system (Common Vulnerabilities and Exposures), which assigns each one an identifier of the form CVE-YYYY-NNNN so that vendors, scanners and IPS rules can all refer to the same flaw. Matching traffic against such a list is called signature-based detection. Its limitation is that it only catches what already has a signature; spotting novel attacks relies on the anomaly-based inspection mentioned above, which flags traffic that deviates from the normal pattern.

Now, let us find some differences in the IPS/IDS/Firewall.

IPS (Intrusion Prevention System), IDS (Intrusion Detection System), and firewall are the three terms you will meet most often in network security. All three analyze traffic, but they differ in what they look at and what they do about it.

IPS: – An IPS sits inline and works in real time, carrying out the action each IPS rule specifies. Its function is to block malicious traffic, identified from both packet headers and payload, before it enters your network.

IDS: – An IDS is a passive system. It inspects a copy of the traffic (for example from a SPAN port or a network tap), compares it against the same kind of signatures and logs an alert when something matches. It cannot block anything on its own; a person or another control has to act on the alert.

Firewall: – A firewall looks only at packet headers (source and destination addresses, ports, protocol and, for a stateful firewall, connection state) and permits or denies the packet according to the rules configured in it. It does not inspect the payload, so an exploit carried inside an allowed connection passes straight through.
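To make the three behaviours concrete, here is a small simulation written for this post as an added example; it is not code from any IPS, IDS or firewall product. Packets are plain Python objects, the firewall rules and the two payload signatures are made up for illustration, and the signature IDs are placeholders rather than real CVE identifiers. The same signature list drives both the IDS and the IPS; the only difference is that the IDS never changes the verdict. The payload is percent-decoded before matching, which is the kind of normalization a real deep-packet-inspection engine has to do so that an encoded `../` cannot slip past a literal signature.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote_to_bytes


@dataclass
class Packet:
    """Minimal packet model: headers plus raw payload (constructed, not captured)."""
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""


# Firewall rules look only at headers: (proto, dport, action).
# First match wins; anything unmatched is denied (default deny).
FIREWALL_RULES = [
    ("tcp", 80, "allow"),
    ("tcp", 443, "allow"),
    ("tcp", 22, "deny"),
]

# Payload signatures: (id, regex, description). IDs are placeholders, not CVEs.
SIGNATURES = [
    ("SIG-0001", re.compile(rb"\.\./\.\./"), "directory traversal in request path"),
    ("SIG-0002", re.compile(rb"(?i)union\s+select"), "SQL injection attempt"),
]


def firewall(pkt):
    """Permit or deny from headers alone; the payload is never read."""
    for proto, dport, action in FIREWALL_RULES:
        if pkt.proto == proto and pkt.dport == dport:
            return action
    return "deny"


def normalize(payload):
    """Decode %XX escapes so an encoded '../' cannot bypass a literal signature."""
    return unquote_to_bytes(payload)


def match_signatures(pkt):
    """Deep packet inspection: run every signature over the normalized payload."""
    data = normalize(pkt.payload)
    return [(sid, desc) for sid, rx, desc in SIGNATURES if rx.search(data)]


def ids(pkt, alerts):
    """Passive: inspects a copy, logs matches, always lets the packet through."""
    for sid, desc in match_signatures(pkt):
        alerts.append(f"IDS alert {sid}: {desc} from {pkt.src}")
    return "forward"


def ips(pkt, alerts):
    """Inline: same signatures, but a match drops the packet."""
    hits = match_signatures(pkt)
    for sid, desc in hits:
        alerts.append(f"IPS drop {sid}: {desc} from {pkt.src}")
    return "drop" if hits else "forward"


def process(pkt, mode, alerts):
    """Firewall first (headers), then IDS or IPS (payload) for permitted traffic."""
    if firewall(pkt) == "deny":
        alerts.append(f"firewall deny {pkt.proto}/{pkt.dport} from {pkt.src}")
        return "drop"
    return ids(pkt, alerts) if mode == "ids" else ips(pkt, alerts)


if __name__ == "__main__":
    # Constructed sample traffic, including a URL-encoded traversal attempt.
    traffic = [
        Packet("198.51.100.9", "10.0.0.20", "tcp", 80, b"GET /index.html HTTP/1.1"),
        Packet("198.51.100.9", "10.0.0.20", "tcp", 80, b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1"),
        Packet("198.51.100.9", "10.0.0.20", "tcp", 22, b"SSH-2.0-OpenSSH"),
    ]
    for mode in ("ids", "ips"):
        alerts = []
        verdicts = [process(p, mode, alerts) for p in traffic]
        print(mode, verdicts, alerts)
```

Run it and compare the two modes: the SSH packet is dropped by the firewall in both, the encoded traversal is forwarded with an alert in IDS mode and dropped in IPS mode, and the benign request passes untouched. Swap `normalize` for an identity function and the traversal sails through both, which is exactly why signature quality and normalization matter more than the number of rules.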

I hope the three terms are now clear. When we talk about threat detection and protection, there is another term you will run into: Advanced Threat Protection (ATP).

ATP is useful for stopping malicious activity in its tracks, and it also monitors traffic leaving your network, which an inbound-focused IPS may never see. For instance, if traffic is heading to a suspicious IP address, one that is known to be linked with a command-and-control server, ATP will immediately send an email alert to Unified Defense Strategy Technicians, who then analyze the destination IP, the host IP and the consistency of the traffic (regular, machine-like connections at fixed intervals are a classic sign of malware beaconing). Gathering this information helps determine whether the machine is infected.

As with an IPS, malicious traffic identified by ATP is dropped by default.
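Here is what the outbound check described above might look like in code, as an added example written for this post rather than any vendor's ATP implementation. The connection log is constructed, the watchlist uses the reserved documentation range 203.0.113.0/24 (TEST-NET-3) as a stand-in for a real command-and-control list, and the "consistency" check is a simple beaconing test: connections from one host to one destination whose inter-arrival times barely vary get flagged. A watchlist hit is dropped and alerted, matching the drop-by-default behaviour; beaconing on its own only raises an alert for the analyst, because plenty of legitimate software polls on a timer too.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Stand-in C2 watchlist: TEST-NET-3 is reserved for documentation, not real C2.
C2_WATCHLIST = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed outbound connection log: (epoch seconds, internal host, dst ip, dst port).
CONSTRUCTED_LOG = [
    (1000, "10.0.0.5", "203.0.113.7", 443),   # beacons every 60 s to a listed IP
    (1060, "10.0.0.5", "203.0.113.7", 443),
    (1120, "10.0.0.5", "203.0.113.7", 443),
    (1180, "10.0.0.5", "203.0.113.7", 443),
    (1005, "10.0.0.8", "198.51.100.20", 443),  # irregular, unlisted: normal browsing
    (1400, "10.0.0.8", "198.51.100.20", 443),
    (1412, "10.0.0.8", "198.51.100.20", 443),
    (1300, "10.0.0.9", "192.0.2.44", 8080),    # periodic but unlisted: needs a human
    (1330, "10.0.0.9", "192.0.2.44", 8080),
    (1361, "10.0.0.9", "192.0.2.44", 8080),
    (1390, "10.0.0.9", "192.0.2.44", 8080),
]


def on_watchlist(ip, watchlist=C2_WATCHLIST):
    """True if the destination falls inside any watchlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in watchlist)


def beacon_interval(times, max_jitter=0.1, min_connections=4):
    """Return the mean gap if the connection times are near-periodic, else None.

    Jitter is pstdev/mean of the gaps between consecutive connections; a value
    near zero means the host is calling out on a fixed timer.
    """
    if len(times) < min_connections:
        return None
    ordered = sorted(times)
    gaps = [later - earlier for earlier, later in zip(ordered, ordered[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return None
    return avg if pstdev(gaps) / avg <= max_jitter else None


def analyze(log, watchlist=C2_WATCHLIST, max_jitter=0.1):
    """Group outbound connections per (host, dst, port) and produce findings."""
    flows = defaultdict(list)
    for ts, host, dst, port in log:
        flows[(host, dst, port)].append(ts)

    findings = []
    for (host, dst, port), times in flows.items():
        reasons = []
        listed = on_watchlist(dst, watchlist)
        if listed:
            reasons.append("destination on C2 watchlist")
        interval = beacon_interval(times, max_jitter)
        if interval is not None:
            reasons.append(f"periodic connections every ~{interval:.0f}s")
        if reasons:
            findings.append({
                "host": host,
                "dst": dst,
                "port": port,
                "reasons": reasons,
                # Drop by default on a watchlist hit; beaconing alone is alert-only.
                "action": "drop" if listed else "alert",
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(CONSTRUCTED_LOG):
        print(finding)
```

On the constructed log this yields two findings: 10.0.0.5 is dropped (listed destination and a clean 60-second beacon), 10.0.0.9 is alerted for periodic traffic to an unlisted address, and 10.0.0.8 produces nothing. The `max_jitter` threshold is the knob an analyst tunes; real malware often adds random sleep to its beacon interval precisely to push that ratio up, so treat the timing check as one signal among several rather than proof of infection.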
