IPS vs. IDS and why it’s important

The IT world is full of crazy acronyms… well, I couldn’t get two words into this blog without using one! However, a common conversation we have with clients involves the difference between IPS and IDS – an Intrusion Prevention System versus an Intrusion Detection System.

First, a little context – any business that connects to the internet has a firewall in place.  As most know, a firewall is a device or application that analyzes information passing to and from the internet and enforces policies based on protocol type, source address, destination address, source port, and/or destination port. Packets that do not match policy are rejected, helping to protect the digital assets of the company stored behind the firewall.

However, hackers value that data, and that firewall is perpetually under attack by those looking to access that data.  As a result, an early solution was to implement an Intrusion Detection System (IDS) as part of the firewall’s service.  IDS analyzes network traffic looking for known events that could indicate a potential threat. When a known event is detected, a log message is generated detailing the event.

The flaw of IDS is that it’s solely a notification. Who receives it, and who acts upon it? Human interaction is required, and as a result, there were many companies that charged their clients a fortune to have a human monitor firewall traffic 24 x 7 x 365, waiting for the IDS notification that may never come.

However, what if that system can be made smarter? What if instead of just generating a notification of a potential threat, the threat could be identified and mitigated without human interaction?

Welcome to an Intrusion Prevention System (IPS)!  IPS analyzes traffic, and when a threat is detected, the traffic is rejected without human intervention required.
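To make the difference concrete, here is a small simulation added for illustration; it is not Fortinet's or Suite3's code. The policy, the two signatures, the packets, and the names Packet and inspect are all constructed for this example. The same traffic is run once in IDS mode and once in IPS mode.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    payload: bytes

# Constructed firewall policy: (protocol, destination port) pairs allowed in.
ALLOWED = {("tcp", 80)}

# Constructed signatures for "known events"; not taken from any vendor rule set.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sql-union-select": re.compile(rb"(?i)union\s+select"),
}

def inspect(packets, mode):
    """Apply firewall policy, then signature inspection.

    mode="ids": a match writes a log message, the traffic is still delivered.
    mode="ips": a match writes a log message and the traffic is rejected.
    Returns (delivered_packets, log_messages).
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    delivered, alerts = [], []
    for p in packets:
        if (p.proto, p.dport) not in ALLOWED:
            continue  # rejected by firewall policy, never reaches inspection
        hits = [name for name, rx in SIGNATURES.items() if rx.search(p.payload)]
        for name in hits:
            alerts.append(f"{mode.upper()} {name} src={p.src} dst={p.dst}:{p.dport}")
        if hits and mode == "ips":
            continue  # IPS: rejected without waiting for a human
        delivered.append(p)  # IDS: delivered even when an alert was logged
    return delivered, alerts

# Constructed sample traffic (documentation address ranges, plaintext HTTP).
SAMPLE = [
    Packet("tcp", "198.51.100.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("tcp", "198.51.100.9", "192.0.2.10", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("tcp", "198.51.100.9", "192.0.2.10", 23, b"login"),
    Packet("tcp", "203.0.113.5", "192.0.2.10", 80, b"GET /item?id=1 UNION SELECT 1"),
]
```

Both modes produce the same two log messages for this traffic; the difference is that IDS mode still delivers the two flagged requests to the server, while IPS mode delivers only the clean one.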

Suite3’s preferred firewall solution from Fortinet has featured IPS for over 10 years – check out the Fortinet site for more info on the technology behind their IPS solution.