Background

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

Intrusion detection is monitoring for events occurring within a network and performing analysis of the monitoring data for signs of potential incidents, threats or known vulnerabilities. Intrusion prevention is performing intrusion detection and then automatically taking actions in an attempt to protect against these events.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are a key consideration for any defence in depth network security strategy and are a requirement for a number of compliance and regulatory standards.

IDS and IPS go hand in hand with other services like firewalling, Security Operations Centres (SoC) and Security Incident and Event Management (SIEM) services to ensure real-time use is being made of the data collected.

Is it right for me?

Ensuring the confidentiality of an organisation's data is an ever-growing arms race, with cybercriminals developing more sophisticated, complex and harder-to-detect methods to thwart security solutions. This often means that no single technology can offer complete protection.

IDS and IPS offer a layer in addition to other security technologies used to protect networks. Alongside an organisation's existing firewalls, encryption devices, host-based security and other network technologies, these services help increase protection while preserving the required functionality of network services. IDS and IPS solutions constantly monitor networks, identifying, alerting on and protecting against potential events or incidents.

Protecting the integrity and confidentiality of networks and data.

Why choose The Bunker?

Managed intrusion detection and prevention services add the layer of reporting and protection required for a defence in depth network security strategy. These services, when integrated with Security Operations Centres (SoC) and Security Incident and Event Management (SIEM) services, ensure that real-time information is collated and acted upon when security events occur, and provide forensic audit trails for post-event analysis.

With IDS/IPS becoming a necessary addition to the security infrastructure of many organisations, and a requirement for compliance and regulatory standards, the in-depth working knowledge and experience of these platforms that the managed service provides is critical: it ensures the correct actions are taken, and that systems are tuned and maintained correctly, to stop attackers from gathering information about the network infrastructure.

How IDS/IPS works

Although different offerings utilise different methods for detection, there are three common methodologies utilised to detect potential events or incidents – Signature-based, Anomaly-based and Stateful Protocol Analysis-based detection.

Signature-based detection is the most basic form of detection: it compares gathered information against a list of signatures, looking for matches, much as basic anti-virus software looks for viruses.

Anomaly-based detection monitors events against normal or learnt network patterns, looking for significant changes in network behaviour. Anomaly-based checking is an effective way to identify threats that are unknown and may not yet have signatures.

Stateful Protocol Analysis detection holds profiles of acceptable protocol usage and compares each observed state against them to identify deviations from the profile's definition of use.

Our Accreditations

  • ISO 27001
  • First
  • G-Cloud Accredited
  • ITIL Service Management
  • Microsoft Gold Partner
  • NHS IGSoC Approved
  • PCI DSS
  • PRINCE2
  • RIPE NCC Member
  • Tech UK
  • Veeam Gold Cloud & Service Provider Partner
  • PCI Participating organization
  • Dell EMC Gold Partner
  • Cyber Essentials Plus
  • AWS Select Consulting Partner