Intrusion Prevention Systems
An Intrusion Prevention System (IPS) is a vital security control that keeps an organization's exposure within its accepted level of risk.
Nowadays, as digital innovation accelerates and new devices and technologies come onto the market, threats from a growing range of sources and threat actors keep increasing.
An IPS both detects and prevents malicious activity. Intrusion detection focuses on monitoring devices and network activity for anomalies. Once an anomaly is detected, the configured response is triggered and the agreed-upon action is applied to block the activity.
How does it work?
It sits on your network behind the firewall, inspecting the traffic of each source/destination pair for malicious activity using the techniques below:
- Signature-based: Network traffic is compared against known signature patterns. If a match is found, the configured action is applied to that traffic. One drawback of this method is that it can block only known attacks.
- Anomaly-based: This technique inspects packets for abnormal behaviour; once an abnormality is found, the packet is blocked or quarantined according to the configured action. Modern implementations add Machine Learning or AI to reduce false positives and improve the quality and effectiveness of detection and prevention.
- Policy-based: This technique is less common than the other two because it requires deeper product knowledge to set up and configure. It also needs consistent, regular fine-tuning to achieve optimal detection and protection, which increases administrator overhead.
Here is the process flow the IPS follows when malicious content or a packet is detected:
- Send an alert/alarm to the configured admin users
- Drop the malicious content/packets
- Block further traffic from the source
- Reset the connection from the source
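To make the three detection techniques and the response flow concrete, here is an added example (not part of the original page or any vendor product): a minimal inline inspector that applies signature, policy and anomaly checks to constructed packets and returns the configured action. The signatures, allowed ports, rate threshold and packet values are all constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dport: int
    payload: bytes

# Constructed signatures: payload pattern -> (rule name, configured action)
SIGNATURES = {
    b"../../etc/passwd": ("path-traversal", "drop"),
    b"\x90" * 16: ("nop-sled", "reset"),
}
ALLOWED_PORTS = {80, 443}   # constructed policy: ports permitted behind the IPS
RATE_LIMIT = 5              # anomaly baseline: packets per source per WINDOW seconds
WINDOW = 10.0

class MiniIPS:
    def __init__(self):
        self.blocked = set()             # sources blocked after a "block" action
        self.alerts = []                 # (src, rule, action) tuples sent to admins
        self.history = defaultdict(deque)

    def inspect(self, pkt, now):
        # Returns the action taken for this packet: allow, drop, block or reset.
        if pkt.src in self.blocked:
            return "drop"
        # Signature-based: match payload against known-bad patterns
        for pattern, (rule, action) in SIGNATURES.items():
            if pattern in pkt.payload:
                return self._respond(pkt, rule, action)
        # Policy-based: destination port not permitted by policy
        if pkt.dport not in ALLOWED_PORTS:
            return self._respond(pkt, "policy-port", "drop")
        # Anomaly-based: sliding-window packet rate per source (flooding/scanning)
        hist = self.history[pkt.src]
        hist.append(now)
        while now - hist[0] > WINDOW:
            hist.popleft()
        if len(hist) > RATE_LIMIT:
            return self._respond(pkt, "flood", "block")
        return "allow"

    def _respond(self, pkt, rule, action):
        self.alerts.append((pkt.src, rule, action))   # step 1: alert/alarm
        if action == "block":                         # step 3: block the source
            self.blocked.add(pkt.src)
        return action                                 # drop/reset enforced by the caller
```

Note that the signature check only catches the patterns it knows, which is exactly the drawback described above; the rate check is what catches a flood the signatures have never seen.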
Why do we need an Intrusion Prevention System?
It helps prevent our network from being exposed to outside activity such as:
- Enumeration
- Scanning
- Flooding
- Spoofing
- Evasion techniques
- Buffer Overflow attacks
- Fragmentation attacks
Features of Intrusion Prevention System:
- Real-Time detection and prevention
- Automated response
- Policy Enforcement
Benefits of Intrusion Prevention System:
- Improved Security
- Compliance Assistance
- Speed and accuracy to catch the real-time attacks
- Greater network visibility
Design
- Discussion on understanding the requirement
- Requirement Analysis & Discussions
- Creating HLD & LLD
- Final discussion of the initial phase
Configuration
- Deploying the IPS and the required agents in the network
- Basic configuration to get the IPS up and running
- Verifying the correlation rules and creating custom policies or rules based on the requirement
- Creating Custom dashboards and reports for the customer
Operations
- Upgrading the software to the latest stable version
- Patching new vulnerabilities by applying hotfixes or the solution proposed by the vendor
- Continuous daily monitoring of security events
- Health monitoring
Optimize
- Fine-tuning the IPS: checking for undetected attack vectors and reducing false positives by analyzing the triggered alerts/events.
We provide 24/7 support monitoring IPS events and respond per the agreed SLA.