Q

Making the case: Mobile IDS/IPS vs. traditional IDS/IPS

What's the difference between mobile IDS/IPS and traditional IDS/IPS? Expert Brad Casey discusses the value proposition for enterprise deployment.

This Content Component encountered an error

I'm researching an intrusion detection and prevention system that helps keep mobile devices safe by using network traffic behavior monitoring. In what cases would this be beneficial over a traditional network IDS/IPS?

Ask the Expert

Perplexed about network security? Send your network security-related questions today! (All questions are anonymous)

In short, traditional network IDS/IPS and mobile IDS/IPS are used in completely different ways. For example, a traditional IDS/IPS is typically installed at or near a network's gateway in order to inspect every packet that enters and exits the network. When a packet or set of packets that fits a pre-defined signature crosses its path, the packet can be either dropped or blocked.

In the case of mobile IDSes/IPSes, the majority of these systems reside on the mobile devices themselves, while a portion (usually the scanning engine) resides in the cloud. Once such a product is deployed, it begins learning the behaviors and tendencies of the mobile device that it is installed on, along with those of the mobile device's owner. Therefore, it may be said that it is providing a heuristic security approach to its mobile device customers.

A typical day in the life of a mobile device may result in it entering and exiting any number of different networks, all with different security postures and different gateway security deployments. For example, a device may log into a coffee shop network in the morning. Two hours later, the same device may log into a corporate Intranet. Afterwards, the device may simply communicate via cellular signal. Then at the end of the day, the device may log into its owner's personal Wi-Fi network.

As this example illustrates, protecting mobile devices with traditional IDSes or IPSes is only partially feasible and depends greatly on the network environments that each device is exposed to. It would be greatly beneficial for mobile devices that connect to multiple networks to have a mobile IDS in place that will offer a far more comprehensive security posture.

This was first published in February 2014

Dig deeper on Network Intrusion Detection (IDS)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close