Protecting your business assets is becoming more complicated as applications become more dynamic and as more users access on-premises and cloud-based resources from mobile devices.
Old-school signature-only detection products lead to a one-dimensional approach. You need an IPS solution to identify and mitigate attacks with context-aware threat prevention that augments your firewall and VPN deployments.
You also need a powerful solution that incorporates capabilities for regulatory compliance, which can help you meet PCI DSS, HIPAA, SOX, GLBA, NERC CIP, FISMA, and other business-critical security standards. Planning a secure environment will naturally help you maintain compliance.
IPS devices are also known as Intrusion Detection Devices (IDS); however, you will want to have this device configured in Prevention (IPS) mode. These are network devices that use advanced technology on top of the basic firewall features to look for, block and log malicious activity.
For example, IPS devices can block malware from being downloaded, in-line at the firewall. They can also block access to known bad sites that host malware. IPS devices leverage definitions, which are updated daily, as well as statistical anomaly-based detection. This works in a fashion analogous to anti-virus software, but it is more powerful and more proactive, with higher visibility on your network.
IPS is no longer optional. It is now a common best practice security technology needed to keep up with malicious activity and block hackers. Most firewalls have IPS features built in, which is great for SMBs and Mid-Market organizations with modest security budgets.
Implementing IPS on a firewall can be a headache without the right implementation and product vendor. There are many configuration settings that must be set correctly to avoid issues. You need a device that determines the best response by looking at multiple factors, including the network reputation of an incoming flow’s source, the target’s value to the organization, the target’s operating system, and the user identity associated with the flow.
The last line of defense within an IPS device generally requires high processing power. Be sure to pick a vendor that leverages intelligent means to block the most obvious malicious traffic before it reaches the last line of defense in the IPS module. This defense-in-depth architecture is critical in order to maximize performance and throughput on your firewall/IPS hardware.