What is IDS and IPS? | Juniper Networks US

What is IDS and IPS?

Intrusion detection is the process of monitoring network traffic and analyzing it for signs of possible intrusions, such as exploit attempts and other incidents that may be imminent threats to the network. Intrusion prevention goes one step further: it performs intrusion detection and then stops the detected incidents, typically by dropping packets or terminating sessions. These capabilities ship as intrusion detection systems (IDS) and intrusion prevention systems (IPS), network security measures taken to detect and stop potential incidents, and the same functionality is included in next-generation firewalls (NGFW). The practical difference is placement: an IDS is usually deployed out of band (on a mirror port or tap) and can only alert, whereas an IPS sits inline in the traffic path and can block, which also means an IPS false positive drops legitimate traffic.


What are the benefits of IDS/IPS?

IDS/IPS monitor traffic on the network to identify known malicious behavior. One of the ways an attacker tries to compromise a network is by exploiting a vulnerability in a device or in software. IDS/IPS identify those exploit attempts, and an IPS can block them before they compromise an endpoint on the network. IDS/IPS are valuable both at the network edge and within the data center because they can detect or stop attackers early, while they are still gathering information about the network, for example by scanning it for open ports. Two caveats apply: a sensor can only flag traffic it can actually read, so encrypted sessions are opaque unless the device terminates or decrypts TLS, and signature-based matching only catches attacks for which a signature exists, so IDS/IPS complement patching rather than replace it.


How does IDS work?

Three detection methodologies (the classification used in NIST SP 800-94) are typically used to detect incidents:

  • Signature-based detection compares a list of signatures against observed events to identify possible incidents. This is the simplest detection method because it compares only the current unit of activity (such as a packet or a log entry) against the signature list using string comparison operations. It is very effective against known threats and largely ineffective against unknown ones, and because it keeps little or no memory of previous events it can be evaded by splitting an attack across packets or encoding the payload, unless the sensor reassembles and normalizes traffic before matching.
  • Anomaly-based detection compares definitions of what is considered normal activity (a baseline learned over a training period) with observed events in order to identify significant deviations. This method can be very effective at spotting previously unknown threats, at the cost of more false positives, and a baseline learned while an attacker is already active will treat that attacker's traffic as normal.
  • Stateful protocol analysis compares predetermined profiles of generally accepted definitions of benign protocol activity for each protocol state against observed events in order to identify deviations, for example a command issued in a state where the protocol does not allow it, or an argument far longer than the protocol permits. Tracking state for every session is resource-intensive, and this method cannot detect attacks that stay within generally accepted protocol behavior.
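The three methodologies above, reduced to toy detectors run over constructed sample traffic. This is an added example for illustration, not Juniper code and not how any shipping IDS/IPS product is implemented; the signatures, the baseline connection counts, the sample SMTP sessions and the simplified SMTP state profile are all assumptions made for the demonstration. The signature detector also shows the IDS versus IPS verdict difference, and its URL-decoding step shows why normalization matters for evasion.

```python
"""Toy versions of the three detection methodologies over constructed traffic.
Added example, not Juniper code; signatures, baseline figures, sample sessions
and the SMTP profile are illustrative assumptions."""
import re
from statistics import mean, pstdev

# ---- 1. Signature-based: pattern match on a single packet payload ----
# Constructed signatures (hypothetical). Production rule sets carry far more
# context (ports, direction, flow state) than a bare byte pattern.
SIGNATURES = {
    "sig-passwd-read": re.compile(rb"/etc/passwd"),
    "sig-script-tag": re.compile(rb"<script>", re.IGNORECASE),
}

def normalize_payload(payload: bytes) -> bytes:
    """Decode %XX URL escapes so an encoded request still hits the signature.
    Without this step a trivial encoding evades a plain string match."""
    return re.sub(rb"%([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), payload)

def signature_detect(payload: bytes, normalize: bool = True) -> list[str]:
    data = normalize_payload(payload) if normalize else payload
    return [name for name, rx in SIGNATURES.items() if rx.search(data)]

def inspect(payload: bytes, mode: str = "ids") -> str:
    """An IDS can only alert; an inline IPS returns a drop verdict instead."""
    hits = signature_detect(payload)
    if not hits:
        return "pass"
    return "drop" if mode == "ips" else "alert"

# ---- 2. Anomaly-based: z-score of a per-source connection rate vs. baseline ----
# Constructed training data: new connections per minute from one host.
BASELINE_CONNS_PER_MIN = [10, 12, 11, 9, 13, 10, 11, 12]

class AnomalyDetector:
    def __init__(self, threshold_sigmas: float = 3.0) -> None:
        self.baseline = []
        self.threshold = threshold_sigmas

    def train(self, counts: list[int]) -> None:
        # Caveat: an attacker active during training becomes part of "normal".
        self.baseline.extend(counts)

    def z_score(self, count: int) -> float:
        mu = mean(self.baseline)
        sigma = max(pstdev(self.baseline), 1.0)  # floor avoids a flat-baseline blow-up
        return (count - mu) / sigma

    def is_anomalous(self, count: int) -> bool:
        return self.z_score(count) > self.threshold

def trained_detector() -> AnomalyDetector:
    det = AnomalyDetector()
    det.train(BASELINE_CONNS_PER_MIN)
    return det

# ---- 3. Stateful protocol analysis: simplified SMTP client-command profile ----
# Verbs acceptable in each state, and the state each one leads to (assumed profile).
SMTP_PROFILE = {
    "INIT":    {"EHLO": "GREETED", "HELO": "GREETED", "QUIT": "CLOSED"},
    "GREETED": {"MAIL": "MAIL", "NOOP": "GREETED", "RSET": "GREETED", "QUIT": "CLOSED"},
    "MAIL":    {"RCPT": "RCPT", "RSET": "GREETED", "QUIT": "CLOSED"},
    "RCPT":    {"RCPT": "RCPT", "DATA": "DATA", "RSET": "GREETED", "QUIT": "CLOSED"},
}
MAX_CMD_LINE = 512  # RFC 5321 limit for a command line including CRLF

def smtp_protocol_analysis(session: list[str]) -> list[str]:
    """Walk one client session and report deviations from the benign profile."""
    state, findings = "INIT", []
    for i, line in enumerate(session):
        if state == "DATA":            # message body: only "." on a line ends it
            if line == ".":
                state = "GREETED"
            continue
        if len(line) + 2 > MAX_CMD_LINE:
            findings.append(f"line {i}: command line exceeds {MAX_CMD_LINE} octets")
        verb = line.split(" ", 1)[0].upper()
        nxt = SMTP_PROFILE.get(state, {}).get(verb)
        if nxt is None:
            findings.append(f"line {i}: {verb} not allowed in state {state}")
            continue                   # an inline IPS would typically reset the session here
        state = nxt
    return findings

# Constructed sessions: one well-behaved client, one that skips the greeting
# and sends an over-long EHLO argument.
BENIGN_SESSION = ["EHLO mail.example.test", "MAIL FROM:<alice@example.test>",
                  "RCPT TO:<bob@example.test>", "DATA", "Subject: hi", "",
                  "hello", ".", "QUIT"]
SUSPICIOUS_SESSION = ["DATA", "EHLO " + "A" * 600, "MAIL FROM:<x@example.test>"]

if __name__ == "__main__":
    req = b"GET /cgi-bin/view?file=%2Fetc%2Fpasswd HTTP/1.1"
    print("signature, raw:       ", signature_detect(req, normalize=False))
    print("signature, normalized:", signature_detect(req))
    det = trained_detector()
    print("anomaly 14/min:", det.is_anomalous(14), " 50/min:", det.is_anomalous(50))
    print("protocol, benign:    ", smtp_protocol_analysis(BENIGN_SESSION))
    print("protocol, suspicious:", smtp_protocol_analysis(SUSPICIOUS_SESSION))
```

Running the script shows each method's blind spot alongside its strength: the raw signature match misses the URL-encoded path and only the normalized match catches it, the anomaly detector accepts 14 connections per minute but flags 50 against the learned baseline, and the protocol analyzer reports nothing for the well-formed session while flagging both the out-of-order DATA and the over-long EHLO line in the suspicious one.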