IDS / IPS
The IDS is an intrusion detection system, as its name says in English “Intrusion Detection System”, it is used to detect not allowed access to a network.
The IDS has sensors that allows them to obtain data so that when the IDS detects traffic can identify through anomalies or strange behavior if it is an attack or a false positive. The mode of operation of the IDS is to analyze a very deep level all network traffic at the time that the traffic passes are already recognized with signatures of attacks and the strange behavior such as port scans for example are also controlled. This team must work in conjunction with a firewall because the IDS does not have the functionality to block an attack.
Types of IDS:
HIDS: search for data that have left attackers on a computer when they attempt to take control of it, with all the information they get draws conclusions.
NIDS: Network IDS detects attacks-wide network. You should see all traffic entering the network.
IPS (Intrusion Prevention System).
Controls access to illegitimate users by adding the ability to block attacks, not simply monitor them. You have several options to implement it, Hardware, software or any combination thereof. The IPS are categorized according to the way that detect malicious traffic:
Based on firms: compare traffic against signatures of known attacks, you must have the updated list of signatures.
Based on policies: define strict security policies, if traffic is permitted IPS allows traffic, if it is not blocking it.
Based on anomalies: This method is the one that generates more false positives because it is very difficult to be normal or standard. In this mode there are two options:
Statistical Detection Abnormalities: analyzes all traffic for a certain time, after this time creates a line of what is “normal or standard”. After finishing this period if the behavior varies a lot compared to the rule created, it is taken as a chance to attack.
No statistic Detection Abnormalities. This option Administrator defines the line of what is “normal or standard” that will be the basis for comparison of traffic.
In short, the IPS adds the ability to block attacks and also proactively protects the network while the IDS does not allow block and protects the network reactively.
Our Solutions IDS and IPS based on proprietary and open source solutions, allow to have a combination of heterogeneous, synchronized and managed system of centralized and jointly as well as integration with reconstruction of traffic, firewalls, honeypots, etc. . In addition of course to have the backing of the facilities we have done and the sites and protect infrastructure today, one of the most robust solutions on the market.