Can you explain the most common implementation scenarios for IPS vs. IDS? We're considering implementing both types...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
of systems independently, though tightly integrated. Please enumerate the advantages and disadvantages in both scenarios.
I'm not sure why you'd want to build the two systems in isolation. As you mentioned in your question, the difference between IPS and IDS systems is slight: They are extremely closely related and tightly integrated. In fact, there are few IDS systems on the market today that do not have some IPS capability. An IPS is simply an IDS deployed on the network in a fashion that allows it to block traffic.
The general IPS and IDS deployment strategy I recommend is to first deploy this type of device in pure IDS mode, without blocking any traffic. Then, after evaluating the device's performance on the network, slowly change the rules producing the best results (e.g. low false positive rates) from IDS rules that simply produce alerts, to IPS rules that block the offending traffic. Not long ago I wrote a tip on IPS best practices covering some other deployment strategies, including:
- Running the IPS in "monitor" mode until it's clear the system is properly tuned.
- Keeping the number of "block" mode rules to a small, finely tuned set.
- Considering a fail-open configuration so that if the device fails, it doesn't prevent the flow of network traffic.
Good luck with your deployment!
- Network intrusion prevention systems: Should enterprises deploy now? Read more.
- Find out more about the difference between intrusion detection and intrusion prevention.
Dig Deeper on Network Intrusion Detection (IDS)
Related Q&A from Mike Chapple
Cloud compliance issues are no reason for enterprises not to move to the cloud. Expert Mike Chapple explains why, as well as what to keep in mind ...continue reading
The GAO reported on SEC cybersecurity weaknesses, even though the SEC regulates cybersecurity. Expert Mike Chapple discusses the effects of this ...continue reading
Enterprise compliance can be a burden to manage, which is where a PCI ISA can be helpful. Expert Mike Chapple explains how a PCI Internal Security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.