Intrusion detection is the monitoring of events occurring within a network and the analysis of the monitoring data for signs of potential incidents, threats or known vulnerabilities. Intrusion prevention is intrusion detection followed by automatic action taken in an attempt to protect against those events.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are a key consideration for any defence-in-depth network security strategy and are a requirement of a number of compliance and regulatory standards.
IDS and IPS go hand in hand with other services such as firewalling, Security Operations Centres (SOC) and Security Incident and Event Management (SIEM) services to ensure real-time use is made of the data collected.
Ensuring the confidentiality of an organisation's data is an ever-growing arms race, with cybercriminals developing more sophisticated, complex and harder-to-detect methods to thwart security solutions. This often means that no single technology can offer complete protection.
IDS and IPS add a layer to the other security technologies used to protect networks. Alongside an organisation's existing firewalls, encryption devices, host-based security and other network technologies, these services increase protection while preserving the required functionality of network services. IDS and IPS solutions constantly monitor networks, identifying, alerting on and protecting against potential events or incidents.
Benefit from our expertise in deploying and operating IDS/IPS services in many different network types
Integrated SOC and SIEM solutions
Built to compliance and regulatory requirements
Protecting integrity and confidentiality of networks and data.
Managed intrusion detection and prevention services provide the additional layer of reporting and protection required for a defence-in-depth network security strategy. When integrated with Security Operations Centres (SOC) and Security Incident and Event Management (SIEM) services, they ensure that real-time information is collated and acted upon when security events occur, and they provide forensic audit trails for post-event analysis.
IDS/IPS is becoming a necessary addition to the security infrastructure of many organisations and a requirement of compliance and regulatory standards. The in-depth working knowledge and experience of these platforms provided by the managed service is therefore critical: it ensures the correct actions are taken, and that systems are tuned and maintained correctly so that attackers are prevented from gathering information about the network infrastructure.
Although different offerings use different methods of detection, there are three common methodologies for detecting potential events or incidents: signature-based, anomaly-based and stateful protocol analysis-based detection.
Signature-based detection is the most basic form of detection. It compares the information gathered against a list of signatures and looks for matches, much as basic anti-virus software looks for viruses.
Anomaly-based detection monitors events against normal or learnt network patterns, looking for significant changes in network behaviour. Anomaly-based checking is an effective way to identify threats that are unknown and may not yet have signatures.
Stateful protocol analysis detection holds profiles of acceptable protocol usage and compares each observed state against them to identify deviation from the profile's definition of acceptable use.
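The following Python module is an added illustration of the three methodologies described above; it is not code from this page or from any product the page describes. Each detector runs over constructed sample input embedded in the module: the signature list, the baseline request counts, the event records and the simplified connection-state profile are all assumptions made for the example, not real signatures or traffic.

```python
"""Three IDS detection methodologies over constructed sample events.

Added illustration, not code from the page or any vendor product. The event
records, signatures, baseline and protocol profile are all constructed here
so the module runs offline.
"""
import re
import statistics
from collections import Counter, defaultdict

# --- Signature-based: match observed payloads against a list of patterns ---
# Constructed signatures (assumption: the request line is the inspected field).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "shell-in-uri": re.compile(r"/bin/(sh|bash)\b"),
}

def signature_matches(payloads):
    """Return (payload, signature_name) pairs for every payload hitting a signature."""
    hits = []
    for payload in payloads:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                hits.append((payload, name))
    return hits

# --- Anomaly-based: compare per-source request rates with a learnt baseline ---
def learn_baseline(training_counts):
    """Mean and population standard deviation of per-source counts from a clean period."""
    return statistics.mean(training_counts), statistics.pstdev(training_counts)

def anomalous_sources(events, baseline, k=3.0):
    """Sources whose request count in the window exceeds mean + k * stdev."""
    mean, stdev = baseline
    threshold = mean + k * stdev
    counts = Counter(src for src, _ in events)
    return sorted(src for src, n in counts.items() if n > threshold)

# --- Stateful protocol analysis: a profile of acceptable state transitions ---
# Constructed profile of a simplified handshake/close sequence per connection.
ALLOWED = {
    "CLOSED": {"SYN": "SYN_SENT"},
    "SYN_SENT": {"SYN_ACK": "ESTABLISHED"},
    "ESTABLISHED": {"DATA": "ESTABLISHED", "FIN": "CLOSED"},
}

def protocol_violations(flow_events):
    """Return (conn_id, current_state, event) for each event the profile forbids."""
    state = defaultdict(lambda: "CLOSED")
    violations = []
    for conn, event in flow_events:
        next_state = ALLOWED[state[conn]].get(event)
        if next_state is None:
            violations.append((conn, state[conn], event))
        else:
            state[conn] = next_state
    return violations

# --- Constructed sample inputs ---
SAMPLE_PAYLOADS = [
    "GET /index.html",
    "GET /../../etc/passwd",
    "GET /cgi-bin/x?c=/bin/sh",
    "GET /about",
]
TRAINING_COUNTS = [10, 12, 9, 11, 10, 13, 11, 10]      # clean-period counts per source
SAMPLE_EVENTS = [("10.0.0.5", "GET /a")] * 11 + [("10.0.0.9", "GET /b")] * 40
SAMPLE_FLOWS = [
    ("c1", "SYN"), ("c1", "SYN_ACK"), ("c1", "DATA"), ("c1", "FIN"),  # well-formed
    ("c2", "DATA"),                                                  # data before handshake
    ("c3", "SYN"), ("c3", "FIN"),                                    # close before established
]

def run_all():
    """Run every detector over the constructed samples and return their findings."""
    return {
        "signature": signature_matches(SAMPLE_PAYLOADS),
        "anomaly": anomalous_sources(SAMPLE_EVENTS, learn_baseline(TRAINING_COUNTS)),
        "protocol": protocol_violations(SAMPLE_FLOWS),
    }

if __name__ == "__main__":
    for method, findings in run_all().items():
        print(method, findings)
```

The three functions show why the methods complement one another: the signature detector finds only what it has a pattern for, the anomaly detector flags the source sending roughly four times the learnt rate without knowing what it is sending, and the stateful check catches sequences that no single packet or signature would reveal.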