Do you remember when we recently talked about IDS (Intrusion Detection System)? Well, today the topic of our article is IPS, that is, intrusion prevention systems for the cybersecurity area. After all, what is the purpose of an IPS?
An Intrusion Prevention System is a network security equipment or software that monitors network traffic for the purpose of detecting malicious activity.
The system can take preventive measures to prevent these activities from occurring. An IPS not only detects potential threats, as an Intrusion Detection System (IDS) does, but also has the ability to automatically block or mitigate attacks.
Main Features of an IPS
- Real Time Traffic Monitoring
- Automatic Threat Blocking
- Exploit prevention
- Event correlation
- Alerts and notifications
With this set of actions, the data collected by an IPS can also be important for defining the best security policy.
Types of IPS
- Network-based IPS (NIPS)
- Positioned in strategic areas of the network to monitor and analyze network traffic in real time. It is usually located behind the firewall.
- Host-based IPS (HIPS)
- Installed directly on devices or servers. Monitors and analyzes the behavior of the operating system and applications to analyze malicious activities.
When it comes to IPS solutions, in the open source area, the highlight goes to the popular snort and suricata.
Source: pplware.sapo.pt