Intrusion prevention systems: The must-have piece of your network security puzzle
Network security is not a one-and-done process. Organizations can no longer install a few firewalls and expect their data to remain safe from breaches. If IT managers didn’t know this already, they learned it from the Target point-of-sale attack and the Heartbleed bug — just when we thought our information was safe, hackers developed new ways to snake through our systems and steal valuable data.
The only way to get ahead of these thieves is by changing the way organizations look at network security. Too many take a patchwork approach, implementing just a piece or two of a larger puzzle. One piece alone puts your organization at risk, but when you connect many systems and measures together, you complete the security picture.
One of the more important puzzle pieces that too many organizations still don’t have in place is an intrusion prevention system (IPS). The IPS operates on the front lines of network defense, working in tandem with intelligence gathering systems that comb logs for suspicious activity, application security tools that detect and thwart attacks on vulnerable applications, and data protection systems that keep your most sensitive information locked down.
And while it’s just one part of a comprehensive security plan, IPS is a must-have in today’s era of larger, more frequent, and more damaging breaches. Yet other tools are still in use as a first line of defense against intruders, including firewalls and intrusion detection systems (IDSs). Here’s a breakdown of why IPSs should be an integral part of your larger security ecosystem.
- Firewalls: Still the de facto gatekeeper for many networks, firewalls act as a sieve, permitting or blocking traffic according to port and protocol rules. But this black-and-white approval process can place organizations at risk. Hackers can easily use a legitimate port to send illegitimate traffic. For that reason, organizations must add further layers to better protect access to the network.
- IDSs: IDSs add nuance to a firewall, scanning networks for potentially malicious activity and reporting their findings back to a security officer. But these systems alone lack the intelligence needed to catch breaches before they wreak havoc, and by themselves they might not even provide the same protection as a firewall.
- IPSs: IPSs add an extra layer of protection to traditional firewalls and IDSs. They examine network traffic flows to identify malicious activity, block it, record information about the incident, and report it to security teams. These systems look at each packet’s contents and use time correlations to determine threats. They work at a level above traditional firewalls, operating in tandem with them: the IPS assesses the traffic that the firewall lets through and confirms that it is legitimate.
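The difference between the firewall's port-and-protocol decision and the IPS's content and time-correlation checks can be shown on a few packets. This is an added example, not code from the original article or from any IPS product; the port policy, the placeholder signature, the thresholds, and the names `firewall_allows`, `ToyIPS` and `run` are assumptions made for illustration.

```python
from collections import defaultdict, deque

ALLOWED_PORTS = {("tcp", 80), ("tcp", 443)}   # assumed firewall policy
SIGNATURES = [b"CONSTRUCTED-BAD-MARKER"]       # placeholder content signature
WINDOW_SECONDS, MAX_PER_WINDOW = 10, 3         # assumed time-correlation threshold


def firewall_allows(pkt):
    """Port/protocol decision only: the payload is never examined."""
    return (pkt["proto"], pkt["dport"]) in ALLOWED_PORTS


class ToyIPS:
    """Inspects traffic the firewall admitted: content match, then rate per source."""

    def __init__(self):
        self.recent = defaultdict(deque)   # source -> timestamps inside the window
        self.incidents = []                # recorded for the security team

    def inspect(self, pkt):
        reason = None
        if any(sig in pkt["payload"] for sig in SIGNATURES):
            reason = "signature match"
        else:
            seen = self.recent[pkt["src"]]
            seen.append(pkt["ts"])
            while seen and pkt["ts"] - seen[0] > WINDOW_SECONDS:
                seen.popleft()             # forget events older than the window
            if len(seen) > MAX_PER_WINDOW:
                reason = "rate threshold exceeded"
        if reason:
            self.incidents.append((pkt["ts"], pkt["src"], reason))
            return "block"
        return "allow"


def run(packets):
    ips = ToyIPS()
    verdicts = [ips.inspect(p) if firewall_allows(p) else "drop" for p in packets]
    return verdicts, ips.incidents


# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = [
    {"ts": 0, "src": "192.0.2.10", "proto": "tcp", "dport": 80, "payload": b"GET /index.html"},
    {"ts": 1, "src": "192.0.2.20", "proto": "tcp", "dport": 23, "payload": b"login"},
    {"ts": 2, "src": "192.0.2.30", "proto": "tcp", "dport": 80, "payload": b"GET /?q=CONSTRUCTED-BAD-MARKER"},
] + [{"ts": 3 + i, "src": "192.0.2.40", "proto": "tcp", "dport": 443, "payload": b"hello"} for i in range(5)]
```

The third packet and the last two from `192.0.2.40` all pass the firewall because they use permitted ports; only the content and rate checks stop them, and each block is recorded as an incident.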
IPSs are more intelligent than IDSs and can be configured to open up more bandwidth for an organization by limiting specific traffic. For example, one university used an IPS to cut out peer-to-peer sharing on its network and limit the number of illegal music and movie downloads. The system not only helped the university avoid lawsuits, but also increased its overall bandwidth for students using the network for academic pursuits. In another example, a business set limits on YouTube traffic to avoid network slowdown due to too much video watching. Additionally, IPSs have failover capabilities that maintain users’ access to the network even if the system fails.
IPSs are a key piece of the network security puzzle, adding more dynamic data protection and keeping organizations safe from costly breaches. Yet not all companies understand the high-level benefits of IPSs. Most organizations have firewalls in place to protect their data or rely on IDSs to scan network activity, but few hold the final piece of the security puzzle — IPSs.