Intrusion Prevention Vs Intrusion Detection

john-schnobrich-520019-unsplash

Both a NIDS AND NIPS safeguard against intrusions.  The major difference is that a NIDS alerts you to the intrusion and a NIPS tries to block the intrusion.  The Intrusion prevention system can use various methods to find intruders such as:

Signature based – Looks for identical signatures on the network

Anomaly based – Looks for differences from the baseline

Behavior based – If a user is displaying certain behaviors the IPS will be alerted

Heuristic based – This IPS is intelligent and determines what is and is not an intrusion through AI.

Intrusions that in fact are not intruders happen within an IPS (FALSE POSITIVES).  To prevent this ensure IPS is always kept up to date

Want To Learn More?

Leave a Reply