Tip

Webcast Q&A: IDS vs. IPS

Crystal I. Ferraro, Site Editor

Gartner's announcement that intrusion-detection systems (IDS) will soon be dead and intrusion-prevention systems (IPS) will replace them created quite a tumult in the security industry. In the SearchSecurity webcast "IDS vs. IPS: Which is better?", speaker Ed Yakabovicz, Information Security Officer for Bank One, offers some insight as to what the future holds for the technologies. Here, Ed answers questions submitted by users during the webcast. Ed is also available to answer your questions via SearchSecurity's Ask the Expert feature.

Some IPS and intrusion-prevention appliances are Layer 2 devices that are intelligent enough to learn and configure themselves. These devices do not require complicated setup and tuning. Will these types of devices compete with IDS and other types of IPS?

Although Layer 2 devices are excellent security tools, they are still only one device that must exist in a layered security architecture. Once they are incorporated into the IPS methodology, they will be even more valuable. Remember, one device can't do it all no matter what the sales folks say!


Can an IPS be defined as an IDS with a firewall fully integrated and the option of dynamic rules allocation?

This is almost the case. What is missing is the full integration across the network with inside and outside devices. Artificial Intelligence is also supposed to be better in IPS than other systems because it sees all network traffic, not just inbound.


If neither product is installed at my company, which one should I start with?

IDS is a great start because it's cheaper and more mature. There are drawbacks with IDS, but most can be overcome with training and monitoring.


Many IDS offer the option to reset or block further TCP connections by adding ACLs in the router or firewall. How is this operation different from IPS operation?

IPS will look at the system as a whole, not just the connection from the firewall to, say, a router. IPS will evaluate each packet at all points within the network, not just at one point. Think of IPS as having checkpoints at ALL your network devices, not just the router and firewall.


Are there any hardware differences between IDS and IPS as the functionality is mainly to be achieved by the right configurations?

Hardware is hardware as long as it can handle the network speed.


How will IP Version 6 affect IDS and IPS? Will it make IDS redundant or impair the benefits of IPS?

IP V.6 will enhance IPS by allowing more data and information in the IP packet.


In summary, which technology are you recommending – IDS or IPS?

IDS until IPS is in the next generation and the cost comes down. The industry as a whole must accept, advance and train on this new topic. It does no one any good unless we all know how it works and how to use the products.



This was first published in December 2003
