Intrusion Detection/Prevention Systems

The Importance of Intrusion Detection and Prevention Systems

Signature-based Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) can detect known attacks against servers – and are especially useful in protecting known attacks before the servers can be patched. Behavior-based Intrusion Prevention Systems can sometimes prevent behavior-based 0-day attacks.

Limitations of IDS/IPS Systems

Signature-based Intrusion Detection Systems cannot detect 0-day attacks. Both IDS and IPS produce a number of false positives. False positives on IPS mean users cannot get to their data or application. IDS and IDP devices both require a good deal of tuning.

Vidder's IDS/IPS Recommendations

Because an IDS is potentially capable of catching internal port scans and other activities that warrant investigation, Vidder recommends that an IDS be placed just inside the Internet firewall to monitor all traffic entering and leaving the network. Vidder also recommends placing an IPS just outside the datacenter firewall to block known attacks while waiting for patches to permanently mitigate the known attack. However, as more and more connections become encrypted end-to-end, the value of IDS/IPS systems will diminish.

Trusted Networking

Architecture

Applications

Industries

Overview

Internet Services

Perimeter Penetrating

Lateral Movement

Secure Clients/Servers

Data Security

Secure Networks

Secure Admins