Mind Your HIPS & WIPS: Intrusion Prevention 101
Recently we outlined the different types of IDS options available for businesses looking to beef up their cyber security protection. In this post, we’re going to dive into Intrusion Prevention Systems, or IPS, and focus on how they prevent malicious attacks from occurring within your network.
Picking up from last week, we know the major difference between IDS and IPS is that the former detects and the latter protects; in other words, IDS is static whereas IPS actively blocks and prevents malicious attacks that are detected, doing everything from sending an alarm when the initial attack occurs to blocking the harmful IP address. Just as with different types of IDS options, IPS has varying subsets as well depending on the type of network in your organization.
NIPS: Network-based intrusion prevention systems normally rely on three different detection types for potential attacks: signature-based detection, anomaly-based detection, and protocol state analysis detection. Signatures are predetermined, so in this case the IPS scans incoming network traffic for patterns that match a known signature. Anomaly-based detection looks for anything that is out of the ordinary; specifically, a “normal” level is set and anything to the contrary is dealt with accordingly. Finally, protocol state analysis is similar to signature-based detection in that it takes pre-defined events and profiles into account as it continuously scans incoming and outgoing traffic on the network.
WIPS: Wireless intrusion prevention systems are composed of a device or application that is integrated into a network and monitors a wireless LAN’s radio spectrum for threats.
NBA: Network behavior analysis is an interesting addition to the different types of IPS options. It is a passive reporting device since it alerts the system to potential threats, but it is seen as an extension of an IPS in that it assists with the active search and destroy missions. Also, it should be noted that NBAs can detect zero-day exploits and new malware, a skill that NIPS severely lacks.
HIPS: Host-based intrusion prevention systems basically use a database full of information to cross-check every object coming into the network. What’s extra helpful with a HIPS setup is that it is implemented on multiple layers throughout the network or system.
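The three NIPS detection types described above, together with the blocking of the offending IP address, shown as an added example that is not part of the original post. The signature set, the packets-per-window baseline, the simplified session steps and the sample traffic are all constructed assumptions, not rules from any real product.

```python
from collections import Counter

# Hypothetical signature set: rule id -> pattern looked for in payloads.
SIGNATURES = {"SIG-TRAVERSAL": "../../", "SIG-SCRIPT": "<script>"}
# Anomaly baseline: the "normal" number of packets per source in one window.
NORMAL_PACKETS_PER_WINDOW = 5
# Protocol state analysis: allowed next steps of a simplified TCP-like session.
ALLOWED = {None: {"SYN"}, "SYN": {"ACK"}, "ACK": {"DATA", "FIN"},
           "DATA": {"DATA", "FIN"}, "FIN": {"SYN"}}

def inspect(packets):
    """Return (forwarded, blocked); blocked maps source IP -> reason."""
    blocked, state, counts, forwarded = {}, {}, Counter(), []
    for src, step, payload in packets:
        if src in blocked:  # prevention: drop everything from a blocked IP
            continue
        counts[src] += 1
        reason = None
        hit = next((rid for rid, pat in SIGNATURES.items() if pat in payload), None)
        if hit:  # signature-based: payload matches a predetermined pattern
            reason = f"signature:{hit}"
        elif step not in ALLOWED[state.get(src)]:  # out-of-order protocol step
            reason = f"protocol-state:{state.get(src)}->{step}"
        elif counts[src] > NORMAL_PACKETS_PER_WINDOW:  # above the "normal" level
            reason = "anomaly:rate"
        if reason:
            blocked[src] = reason
        else:
            state[src] = step
            forwarded.append((src, step, payload))
    return forwarded, blocked

# Constructed sample window (documentation IP ranges, not real traffic).
SAMPLE = (
    [("192.0.2.10", "SYN", ""), ("192.0.2.10", "ACK", ""),
     ("192.0.2.10", "DATA", "GET /index.html"), ("192.0.2.10", "FIN", "")]
    + [("198.51.100.5", "SYN", ""), ("198.51.100.5", "ACK", ""),
       ("198.51.100.5", "DATA", "GET /../../secret"),
       ("198.51.100.5", "DATA", "GET /index.html")]
    + [("203.0.113.9", "DATA", "hello")]  # data with no handshake
    + [("203.0.113.77", "SYN", ""), ("203.0.113.77", "ACK", "")]
    + [("203.0.113.77", "DATA", "x")] * 6  # exceeds the baseline
)

if __name__ == "__main__":
    forwarded, blocked = inspect(SAMPLE)
    for ip, why in blocked.items():
        print(f"BLOCK {ip}: {why}")
    print(f"{len(forwarded)} packets forwarded")
```

Note that the second request from 198.51.100.5 is clean but is still dropped, because the source was blocked when its earlier packet matched a signature.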
Intrusion Prevention Systems are really a step up for any company’s cyber security protection plan since they detect and protect through the various options listed above. However, that’s not to say that the process can operate completely on its own. Monitoring is a critical component of a security strategy, but too often the burden placed on internal teams to monitor systems 24×7 causes organizations to have gaps in their detection or to bypass monitoring entirely. By employing a point person or team, such as Neovera, to manage and monitor your cyber space, you ensure that an additional measure of security keeps your protected data safe and secure through this additional level of cyber security management and monitoring.