Network Based IDS/IPS
Network based IDS/IPS solutions focus on inspecting traffic (ingress and egress) for threats and concerns. They typically:
Identify patterns, called signatures, of malicious content within packets coming into or leaving a company’s network.
Identify changes in the security health or “state” of corporate servers.
When reviewing Network based IDS/IPS solutions, it is important to ensure that your applications, ports and related traffic are profiled appropriately. If you are using developed applications and/or code that is presented externally to the public or 3rd parties, it's important to ensure your application is profiled in the solution.
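The sketch below is an added example, not code from any IDS/IPS product: it applies signatures to packet payloads in both directions and flags traffic that no application profile covers, which is what an unprofiled in-house application looks like to the sensor. The signature names, profile entries, ports and sample packets are all constructed assumptions, and payloads are taken to be cleartext as the sensor sees them.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "ingress" or "egress"
    proto: str       # "tcp" or "udp"
    dst_port: int    # port on the service side of the flow
    payload: bytes   # cleartext payload as seen by the sensor

# Hypothetical signatures (constructed): name -> byte pattern in the payload.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "test-marker": re.compile(rb"CONSTRUCTED-TEST-MARKER"),
}

# Hypothetical application profile: the traffic the business expects to see.
PROFILE = {
    ("ingress", "tcp", 80): "public-web-app",
    ("ingress", "tcp", 8080): "partner-api",
    ("egress", "udp", 53): "dns",
}

def inspect(pkt, profile=PROFILE, signatures=SIGNATURES):
    """Return the alerts raised by one packet (empty list if clean)."""
    alerts = []
    app = profile.get((pkt.direction, pkt.proto, pkt.dst_port))
    if app is None:
        # No profile entry: the sensor has no baseline for this traffic.
        alerts.append(f"unprofiled:{pkt.direction}/{pkt.proto}/{pkt.dst_port}")
    for name, pattern in signatures.items():
        if pattern.search(pkt.payload):
            alerts.append(f"signature:{name}:{app or 'unknown-app'}")
    return alerts

def summarize(packets):
    """Map packet index -> alerts, for packets that raised any."""
    results = {i: inspect(p) for i, p in enumerate(packets)}
    return {i: a for i, a in results.items() if a}

# Constructed sample traffic.
SAMPLE = [
    Packet("ingress", "tcp", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("ingress", "tcp", 80, b"GET /files/../../conf HTTP/1.1\r\n"),
    Packet("ingress", "tcp", 9000, b"hello"),
    Packet("egress", "tcp", 6667, b"CONSTRUCTED-TEST-MARKER"),
    Packet("egress", "udp", 53, b"\x00\x01example"),
]

if __name__ == "__main__":
    for index, alerts in summarize(SAMPLE).items():
        print(index, alerts)
```

The packet to port 9000 carries nothing malicious yet still alerts, because the application behind it was never profiled.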
Host Based IDS/IPS
Many End Point security products can also provide a level of IDS/IPS capabilities. These solutions utilize an agent that resides on the End Point and analyses the traffic for anomalies and/or patterns that match the pre-defined applications and policies you have in place.
Host based IDS/IPS works best when the business focuses on corporate devices, as agents and their configuration can be maintained by the business. When your business is predominantly contractors, 3rd parties and/or focused on BYO devices, Host based IDS/IPS becomes significantly more difficult to manage.
If you are looking at IDS/IPS solutions and are not sure which might be best, feel free to call TWR to discuss.