
IDS and IPS 101: How Each System Works and Why You Need Them

10/31/2017

Losing sensitive information because of a cyber attack has been a concern for businesses and enterprises for nearly two decades.  In the early 2000s, intrusion detection systems (IDS) and intrusion prevention systems (IPS) became a security best practice to help businesses protect themselves against evolving data breaches. Before then, firewalls had been very effective in countering the threat landscape of the 1990s.

While the systems have changed over time, having a robust IDS/IPS system in place is just as critical today. So what role do IDS/IPS systems play in today’s cybersecurity landscape?

How Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) Work

While the lines between IDS and IPS have blurred over time, some essential differences remain:

  • Intrusion Detection Systems (IDS). The IDS contains a database of known attack signatures and compares inbound traffic against that database. Think of your IDS system as a security guard who can search potential attackers for weapons, but he cannot run around and prevent people from sneaking in. He's only able to examine what people are bringing into your network. When a known event is detected, a log message is generated detailing the incident.
  • Intrusion Prevention Systems (IPS). The IPS sits between your firewall and the rest of your network so that it can stop the suspected malicious traffic from getting to the rest of the network. Think of your IPS system as a security guard who can prevent attackers from entering your network. When a known event is detected, the packet is rejected.

The main difference is that an IDS only monitors traffic. If an attack is detected, the IDS reports the attack, but it is then up to the administrator to take action. That’s why having both an IDS and IPS system is critical. A good security strategy is to have them work together as a team. 

Here’s a high-level example of how the two work together to provide comprehensive protection:
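The detect-versus-reject behavior described above, as an added Python sketch (not part of the original article and not LBMC's or any vendor's implementation). The signature IDs, patterns, and sample traffic are constructed for illustration, and the `inspect` and `run` helpers are hypothetical names.

```python
import re
from dataclasses import dataclass

# Constructed signature database (hypothetical IDs and patterns).
SIGNATURES = [
    ("SIG-1001", "SQL injection probe", re.compile(rb"(?i)union\s+select")),
    ("SIG-1002", "Path traversal", re.compile(rb"\.\./\.\./")),
]

@dataclass
class Verdict:
    forwarded: bool   # did the payload reach the rest of the network?
    alerts: list      # log messages generated for this payload

def inspect(payload: bytes, src: str, inline: bool) -> Verdict:
    """Compare one inbound payload against every known signature.

    inline=False models an IDS: a match is logged, the traffic still passes.
    inline=True models an IPS: a match is logged and the packet is rejected.
    """
    alerts = [f"{sid} {desc} src={src}"
              for sid, desc, pattern in SIGNATURES if pattern.search(payload)]
    return Verdict(forwarded=not (inline and alerts), alerts=alerts)

def run(traffic, inline: bool):
    """Return (payloads delivered to the network, alert log) for a traffic list."""
    delivered, log = [], []
    for src, payload in traffic:
        verdict = inspect(payload, src, inline)
        log.extend(verdict.alerts)
        if verdict.forwarded:
            delivered.append(payload)
    return delivered, log

# Constructed sample traffic using documentation-range source addresses.
TRAFFIC = [
    ("198.51.100.7", b"GET /index.html HTTP/1.1"),
    ("203.0.113.9", b"GET /item?id=1 UNION SELECT name FROM users HTTP/1.1"),
    ("203.0.113.9", b"GET /../../etc/passwd HTTP/1.1"),
    ("198.51.100.7", b"GET /news?q=student+union HTTP/1.1"),  # benign lookalike
]

if __name__ == "__main__":
    for mode, inline in (("IDS", False), ("IPS", True)):
        delivered, log = run(TRAFFIC, inline)
        print(f"{mode}: delivered={len(delivered)} alerts={len(log)}")
        for line in log:
            print("   ", line)
```

Both modes produce the same two alerts; only the inline (IPS) mode keeps the two matching requests from being delivered, which is why an IDS alert still needs an administrator to act on it.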

Why IDS/IPS Systems are Critical for Cybersecurity

While many companies leverage IDS/IPS systems to fulfill a compliance checkbox, both systems are vital to protecting your network. According to new research, your website is hit with 22 cyber attacks every day. IDS/IPS ensures any potential threats that sneak through the firewall are addressed as soon as the attack occurs.  

At LBMC, we’ve created a cost-effective solution to help organizations benefit from round-the-clock protection without the need to build out a world-class staff of security monitoring and incident response pros. 

Learn more about LBMC’s IDS/IPS Managed Security Services and how they can help you protect your organization against the growing number of cybersecurity threats you face.