Like every industry, the tech industry has its share of acronyms.
Intrusion defense systems (IDS) and intrusion prevention systems (IPS) are particularly confusing. Their names would suggest they’re similar. When you shop for either an IDS or IPS, you’ll find the same list of vendors. And even though they start with a common base, the actions they perform in the network are considerably different.
An intrusion prevention systems (IPS) is a control device. It helps build the policy side of your security system. It sits between networks, and controls the traffic going through them. It makes the decisions on what traffic should be allowed to be passed through the system, and what traffic should not.
The main reason to have an IPS is to block known attacks that can travel through a network. Often, there is a window of opportunity between when a security breach is found to exist and installing a patch within the system. An IPS is an excellent way to block known attacks, especially those using standard design tools.
An intrusion defense systems (IDS) on the other hand is a visibility tool. It’s a window into the security platform of the network. It helps security analysts see things like:
- Security policy violations
- Viruses or trojan horses
- Information leaks, such as spyware
- Incorrect security settings
- Misconfigured firewalls
- Unauthorized clients and servers
Which should you buy?
As you move forward in internal security, detection is your first line of defense. Knowing you have a problem allows you take the necessary precautions to get it fixed. Therefore for most businesses, an IPS puts the control into your security policy and provides you with a line of defense.
With an IDS, it only brings you value if you have the time to look at what it’s telling you. With a small staff, an overstressed IT manager, or personnel that doesn’t have the time to reflect properly on the analysis presented, the data isn’t going to do you much good.
In these conditions, IPS before IDS may be your best course of action.
However, most vendors sell products that combine both IPS and IDS functions. As you are considering IPS, IDS or a combination of both, it’s important to remember your original goal and focus on your primary requirement.
What’s the best system for your security needs?