Intrusion Prevention System

Intrusion Prevention System Project

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

Intrusion prevention systems are considered extensions of intrusion detection systems because both monitor network traffic and/or system activities for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and can actively prevent or block the intrusions they detect. More specifically, an IPS can send an alarm, drop the malicious packets, reset the connection and/or block further traffic from the offending IP address.

An IPS can also correct Cyclic Redundancy Check (CRC) errors, defragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. This normalization is not cosmetic: attackers deliberately fragment packets and send out-of-order or overlapping TCP segments so that no single packet contains the signature, and an IPS that does not reassemble the stream the way the destination host will is blind to the attack.

The network intrusion prevention system (IPS) appliance solution is composed of stand-alone appliances that inspect all network traffic that has passed through frontline security devices, such as firewalls, Web security gateways and email security gateways. IPS devices are deployed in-line and perform full stream reassembly of network traffic. They provide detection via several methods: signatures, protocol anomaly detection, and behavioral or heuristic analysis. Being in-line, an IPS can also use various techniques to block attacks that are identified with high confidence; lower-confidence detections are normally set to alert only, because a false positive on an in-line device blocks legitimate traffic. The capabilities of IPS products need to adapt to changing threats, and next-generation IPSs (NGIPSs) have evolved in response to advanced targeted threats evading first-generation IPSs.
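The three paragraphs above describe what a network IPS does on the wire: reassemble the TCP stream, run signature and protocol-anomaly checks over the reassembled bytes, and act (alert, drop, reset, block the source) according to confidence. The following toy in-line IPS is an added example written for this page; it is not code from the original page or from any IPS vendor. The addresses, sequence numbers, signatures and thresholds are all constructed, and the sample stream splits a path-traversal pattern across two out-of-order segments and then sends an overlapping retransmit, so that a packet-at-a-time matcher misses what stream reassembly catches.

```python
"""Toy in-line IPS: reassemble a TCP stream, check it, and act on the verdict.
Added example for this page, not vendor code; addresses and packets are constructed."""
import re
from dataclasses import dataclass


@dataclass
class Segment:
    src: str          # source IPv4 address (constructed)
    seq: int          # TCP sequence number of the first payload byte
    payload: bytes


@dataclass
class Verdict:
    action: str       # allow | alert | drop | block | hold
    reason: str
    confidence: float


def reassemble(isn, segments):
    """Rebuild the byte stream the destination host will see.
    Segments may arrive out of order and may overlap; for overlapping bytes the
    first copy received wins (one of several policies real hosts use, so a
    production IPS makes it configurable per target).  Returns None while a gap
    remains, so nothing is judged on a partial stream."""
    seen = {}                                   # stream offset -> byte value
    for seg in segments:                        # arrival order matters here
        base = seg.seq - isn
        for i, b in enumerate(seg.payload):
            seen.setdefault(base + i, b)
    if not seen:
        return b""
    length = max(seen) + 1
    if len(seen) != length:                     # some offset was never covered
        return None
    return bytes(seen[i] for i in range(length))


# Signature detection: (name, pattern over the reassembled stream, confidence)
SIGNATURES = [
    ("path-traversal", re.compile(rb"\.\./\.\./"), 0.95),
    ("sqli-tautology", re.compile(rb"'\s*or\s*'1'\s*=\s*'1", re.I), 0.90),
    ("scanner-user-agent", re.compile(rb"User-Agent: (sqlmap|nikto)", re.I), 0.60),
]
ALLOWED_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}
BLOCK_THRESHOLD, ALERT_THRESHOLD = 0.90, 0.50


def protocol_anomalies(stream):
    """Protocol anomaly detection: does the first line obey the HTTP request-line grammar?"""
    request_line = stream.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    findings = []
    if len(parts) != 3 or parts[0] not in ALLOWED_METHODS or not parts[2].startswith(b"HTTP/"):
        findings.append(("http-malformed-request-line", 0.70))
    if len(request_line) > 2048:
        findings.append(("http-oversized-request-line", 0.80))
    return findings


def inspect(stream):
    """Merge signature hits and anomalies; only high-confidence findings are blocked."""
    findings = [(name, conf) for name, rx, conf in SIGNATURES if rx.search(stream)]
    findings += protocol_anomalies(stream)
    if not findings:
        return Verdict("allow", "", 0.0)
    name, conf = max(findings, key=lambda f: f[1])
    if conf >= BLOCK_THRESHOLD:
        return Verdict("drop", name, conf)
    if conf >= ALERT_THRESHOLD:
        return Verdict("alert", name, conf)     # logged, but allowed through
    return Verdict("allow", name, conf)


class InlineIps:
    """In-line decision point: drop on high confidence, then block that source."""

    def __init__(self):
        self.blocked = set()
        self.log = []

    def process_stream(self, isn, segments):
        src = segments[0].src
        if src in self.blocked:
            return Verdict("block", "source on blocklist", 1.0)
        stream = reassemble(isn, segments)
        if stream is None:
            return Verdict("hold", "stream incomplete", 0.0)
        verdict = inspect(stream)
        self.log.append((src, verdict.action, verdict.reason))
        if verdict.action == "drop":
            self.blocked.add(src)     # a real IPS would also send RST to both ends
        return verdict


def per_packet_matches(segments):
    """What a packet-at-a-time matcher sees: no single segment holds the pattern."""
    return any(rx.search(s.payload) for s in segments for _, rx, _ in SIGNATURES)


# Constructed evasion attempt: "../../" split across two segments sent out of
# order, then an overlapping retransmit of bytes 12..15 that the policy ignores.
ISN, ATTACKER = 1000, "203.0.113.5"
SAMPLE_SEGMENTS = [
    Segment(ATTACKER, ISN + 16, b"./etc/passwd HTTP/1.1\r\nHost: example\r\n\r\n"),
    Segment(ATTACKER, ISN, b"GET /static/../."),
    Segment(ATTACKER, ISN + 12, b"safe"),
]
```

Running `InlineIps().process_stream(ISN, SAMPLE_SEGMENTS)` yields a drop verdict for path-traversal and puts 203.0.113.5 on the blocklist, while `per_packet_matches(SAMPLE_SEGMENTS)` is false. The overlap policy is the part worth dwelling on: if the attacker's retransmit had arrived before the original bytes, a "last copy wins" host would see a different stream than a "first copy wins" one, which is why production systems model the target host's reassembly behaviour rather than picking one rule globally.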

As next-generation IPS (NGIPS) products are put through their paces in real-world IT environments, the open question is whether IPS will maintain its relevance in the enterprise or fade away as organizations put less emphasis on perimeter security and look to bundle similar features into unified threat management and next-generation firewall deployments.

Importance and relevance to an enterprise

Security threats and attacks at the application layer are becoming more complex and more sophisticated. Effective network intrusion prevention is therefore critical to maintaining the level of protection that keeps a business running.

Cyber attackers have access to some of the smartest people and to sophisticated, clever attack tools and malware. In many respects they appear to have the upper hand in the continuous battle against security countermeasures. Attackers employ armies of infected computers (known as bots or zombies) organized into botnets that launch massive, automated attacks which scan enterprises for vulnerabilities and exploit them, usually to steal information.

Increasingly, criminals, unscrupulous competitors, hacktivists and unfriendly nation states are launching targeted attacks against high-profile targets. Attackers breached security giant RSA, obtaining data to compromise its flagship SecurID authentication products. The so-called Aurora attacks successfully breached Google, Adobe and a number of other major companies.

The firewall is an important cornerstone of network security. Traditional firewalls are generally easy to operate and maintain, but are also relatively unsophisticated and therefore ineffective against many of today's advanced Internet threats. Because traditional firewalls are not designed to inspect application content, an attack arriving from an allowed IP address or on an allowed port can often simply pass through the firewall.

Endpoint antimalware detects and blocks many attacks, but its effectiveness has decreased in the face of extremely sophisticated obfuscation techniques, polymorphism and the sheer volume of new malware – millions of unique samples every year.

Next generation IPS solutions provide flexible and modular security for defending your applications, networks and data from today’s advanced persistent threats and high-profile attacks.

Benefits of the solution

The IPS operates in-line in the network, blocking malicious and unwanted traffic while allowing good traffic to pass unimpeded. Because it continually removes attack and nuisance traffic from the wire, an IPS can also improve the performance of legitimate traffic and prioritize mission-critical applications. Appliance-based IPS combines high throughput with high intrusion prevention accuracy and has changed the way organizations protect their networks: far less clean-up after attacks have compromised servers and workstations, far less ad-hoc and emergency patching (the IPS acts as a virtual patch until the vendor fix has been tested and deployed), and control over rogue applications such as Peer-to-Peer and Instant Messaging that would otherwise run rampant throughout the network. Many Denial-of-Service (DoS) attacks that would choke Internet connections or crash mission-critical applications can be absorbed in-line, although a volumetric flood that saturates the upstream link itself has to be handled further upstream. IPS solutions decrease IT security cost by reducing ad-hoc patching and alert response, while increasing IT productivity through bandwidth savings and protection of critical applications.
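The paragraph above credits the in-line IPS with blocking DoS and rogue-source traffic; the detection behind that is behavioral rather than signature-based, typically a per-source rate over a sliding window that, once exceeded, puts the source on a timed blocklist. The following is an added example written for this page, not vendor code, showing that logic run over constructed connection-attempt log lines (the `ts=... src=... dst=... flags=S` format, the addresses and the thresholds are all assumptions made for the example). One flooding host and one normal client are interleaved; the flood is cut off after the threshold while the normal client is never touched, and a blocked source is re-admitted once its block expires.

```python
"""Rate-based (behavioral) blocking of a SYN flood or scan source.
Added example for this page, not vendor code; the log lines and addresses
below are constructed so the code runs offline."""
from collections import defaultdict, deque


class RateBlocker:
    """Per-source sliding window: more than max_events within window_s seconds
    puts the source on a blocklist for block_s seconds."""

    def __init__(self, window_s=1.0, max_events=20, block_s=60.0):
        self.window_s, self.max_events, self.block_s = window_s, max_events, block_s
        self.history = defaultdict(deque)     # src -> event timestamps in window
        self.blocked_until = {}               # src -> time at which the block expires

    def observe(self, src, now):
        """Return 'allow' or 'drop' for one new connection attempt from src at time now."""
        expiry = self.blocked_until.get(src)
        if expiry is not None:
            if now < expiry:
                return "drop"                 # still blocked: no further inspection
            del self.blocked_until[src]       # block expired, start counting afresh
        q = self.history[src]
        q.append(now)
        while q and q[0] <= now - self.window_s:
            q.popleft()                       # forget events older than the window
        if len(q) > self.max_events:
            self.blocked_until[src] = now + self.block_s
            q.clear()
            return "drop"
        return "allow"


def parse_syn_line(line):
    """Parse a constructed 'ts=<sec> src=<ip> dst=<ip> flags=<tcp flags>' line.
    Returns (ts, src) for SYN-only lines, None for anything else."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    if fields.get("flags") != "S":
        return None                           # only new-connection attempts count
    return float(fields["ts"]), fields["src"]


def replay(lines, blocker=None):
    """Feed log lines through the blocker; return {src: {'allow': n, 'drop': n}}."""
    blocker = blocker or RateBlocker()
    counts = defaultdict(lambda: {"allow": 0, "drop": 0})
    for line in lines:
        parsed = parse_syn_line(line)
        if parsed is None:
            continue
        ts, src = parsed
        counts[src][blocker.observe(src, ts)] += 1
    return dict(counts)


def constructed_log():
    """Constructed sample: 50 SYNs in half a second from one source, 5 SYNs over
    two seconds from a normal client, plus one ACK that must be ignored."""
    flood = [f"ts={i * 0.01:.2f} src=198.51.100.7 dst=192.0.2.10 flags=S" for i in range(50)]
    normal = [f"ts={i * 0.40:.2f} src=198.51.100.23 dst=192.0.2.10 flags=S" for i in range(5)]
    ack = ["ts=0.05 src=198.51.100.23 dst=192.0.2.10 flags=A"]
    return sorted(flood + normal + ack, key=lambda l: float(l.split()[0][3:]))


if __name__ == "__main__":
    for src, c in replay(constructed_log()).items():
        print(f"{src}: allowed {c['allow']}, dropped {c['drop']}")
```

With the defaults, 198.51.100.7 gets 20 attempts through and then 30 dropped, while 198.51.100.23 is allowed all 5. Two design points matter in practice: the counter is cleared when a block is applied so that a source is not re-blocked forever by stale history once its block expires, and the threshold is per source, which is why this mechanism handles a single noisy host or scanner well but a distributed attack from thousands of low-rate sources needs aggregate (per-destination) measures.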

Key benefits of NX IPS System

  • Stops remote exploits of critical vulnerabilities
  • Keeps spyware, viruses, botnet programs and other malware out of the network
  • Thwarts advanced hybrid and application-level attacks
  • Controls peer-to-peer (P2P) application traffic
  • Protects VoIP infrastructure
  • Blocks DDoS and botnet-based attacks
  • Prevents undesired access
  • Proactively protects against threats while patches are being tested and deployed
  • Improves security posture through acceptable application usage enforcement
  • Enables regulatory compliance through protection of confidential data
  • Protects against theft of intellectual property through unauthorized access
  • Reduces IT hours devoted to fixing/remediating systems infected by viruses, botnets and malware
  • Reduces downtime and impairment of business systems and websites from DDoS attacks and botnet threats