Intrusion Detection and Prevention

Intrusion Prevention and Detection is an important component of Cyber Security in today's environment. IDS/IPS is focused on inspecting packets that are traversing your ICT Network between Datacenters, Primary locations and remote offices.

Depending on the size of your organization, IPS/IDS solutions can be incorporated in your Enterprise Firewall solutions, although as organizations get larger, this function can put strain on the firewall's capability to allow for a good user experience. When this occurs, businesses should look at either distributing their firewalls or utilizing a dedicated IPS/IDS solution.

There are 2 different types of IDS/IPS solutions:

Network Based IDS/IPS

Network based IDS/IPS solutions are focused on inspecting traffic (ingress and egress) for threats and concerns. They typically:

  • Identify patterns, called signatures, of malicious content within packets coming into or leaving a company’s network.

  • Identify changes in the security health or “state” of corporate servers.

When reviewing Network based IDS/IPS solutions, it is important to ensure that your applications, ports and related traffic are profiled appropriately. If you are using developed applications and/or code that is being presented externally to the public or 3rd parties, it's important to ensure you have your Application profiled in the solution.

Host Based IDS/IPS

Many End Point security products can also provide a level of IDS/IPS capabilities. These solutions utilize an agent that resides on the End Point and analyses the traffic for anomalies and/or patterns that match the pre-defined applications and policies you have in place.

Host based IDS/IPS works best when businesses focus on corporate devices, as agents and their configuration can be maintained by the business. When your business is predominantly contractors, 3rd parties and/or focused on BYO devices, Host based IDS/IPS becomes significantly more difficult to manage.

If you are looking at IDS/IPS solutions and are not sure which might be best, feel free to call TWR to discuss.


Fortinet

Fortinet is an American multinational corporation headquartered in Sunnyvale, California. It develops and markets cybersecurity products and services, such as firewalls, anti-virus, intrusion prevention and endpoint security. Fortinet was founded in 2000 by brothers Ken Xie and Michael Xie.

Palo Alto Networks

Cisco

Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected. An integral part of our DNA is creating long-lasting customer partnerships, working together to identify our customers’ needs and provide solutions that fuel their success.

We have preserved this keen focus on solving business challenges since our founding in 1984. Len Bosack and wife Sandy Lerner, both working for Stanford University, wanted to email each other from their respective offices, but technological shortcomings did not allow such communication. A technology had to be invented to deal with disparate local area protocols, and as a result of solving their challenge, the multiprotocol router was born.

TWR Security
Level 3, 121 Walker Street
North Sydney NSW 2060
Ph: +61 2 9460 2113