Cyberattacks and intrusions are becoming more common and more sophisticated over time, with attackers employing ever more elaborate means of evading network and system security in order to install malicious software, exfiltrate data, or perform other malicious actions.
If undetected, any of these can have serious ramifications for the systems and networks involved.
The first line of defense against these attacks is the Intrusion Detection and Prevention System (IDPS). An IDPS continuously monitors network traffic for signs of a possible attack.
When it detects potentially dangerous activity, it takes action to stop the attack by dropping malicious packets, blocking network traffic or resetting connections.
The IDPS also usually sends an alert to security administrators about the potential malicious activity.
Today’s IDPS solutions generally use two different techniques for identifying when an attack might be taking place:
Signature-based detection looks for signs of known exploits. When the IDPS finds activity associated with a previously identified attack, it takes action to block that attack.
This type of detection is similar to traditional antivirus technology in that it can only stop attacks that have already been identified.
The downside is that it cannot identify or prevent new types of attacks that haven’t been seen before.
Anomaly-based detection: an IDPS that uses this technique compares current network activity against a baseline of what is normal. When it finds a deviation from that baseline, it can send an alert or take other preventive measures.
The value of this approach is that it can find zero-day attacks, but the drawback is that it can result in false positives.
Some newer technology uses artificial intelligence and machine learning algorithms to help establish the baseline of normal activity and reduce the number of false positives.
Intrusion detection and prevention systems (IDPS) inform IT administrators and security staff of anomalies and attacks on IT infrastructure and applications. They can detect malware, socially engineered attacks, and other web-based threats.
Many IDPS solutions incorporate both signature-based detection and anomaly-based detection in order to take advantage of the benefits of both techniques.
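The two techniques described above, combined in one engine as this paragraph suggests, can be shown in a small amount of code. The following is an added illustration written for this page; it is not the code of any IDPS product. The signatures, the z-score threshold, the training counts and the sample events are all constructed for the example, and the policy of blocking on a signature hit but only alerting on an anomaly is one way to reflect the false-positive trade-off the text describes.

```python
"""Toy IDPS: signature-based detection beside anomaly-based detection.

Added illustration for this page, not any product's code. Every rule,
threshold and sample record below is constructed for the example.
"""
from dataclasses import dataclass
import statistics

# --- Signature-based detection ------------------------------------------
# Constructed signatures: rule name -> byte pattern carried by a known
# exploit attempt. Real rule sets are far richer; the matching idea is the same.
SIGNATURES = {
    "web.sqli.union_select": b"union select",
    "web.path_traversal": b"../../",
}


def signature_matches(payload: bytes) -> list[str]:
    """Return the names of every signature found in the payload (case-insensitive)."""
    lowered = payload.lower()
    return [name for name, pattern in SIGNATURES.items() if pattern in lowered]


# --- Anomaly-based detection --------------------------------------------
class AnomalyBaseline:
    """Learns what 'normal' looks like for one metric (here: connections per
    minute from a host) and flags observations far outside it by z-score."""

    def __init__(self, z_threshold: float = 3.0) -> None:
        self.z_threshold = z_threshold
        self.mean = 0.0
        self.stdev = 0.0

    def fit(self, training_counts: list[int]) -> None:
        """Establish the baseline from observations believed to be benign."""
        if len(training_counts) < 2:
            raise ValueError("need at least two observations to estimate spread")
        self.mean = statistics.fmean(training_counts)
        self.stdev = statistics.stdev(training_counts)

    def score(self, count: int) -> float:
        """z-score of an observation. A flat baseline (stdev 0) makes any
        deviation infinitely surprising instead of dividing by zero."""
        if self.stdev == 0.0:
            return 0.0 if count == self.mean else float("inf")
        return abs(count - self.mean) / self.stdev

    def is_anomalous(self, count: int) -> bool:
        return self.score(count) > self.z_threshold


# --- Combining both techniques ------------------------------------------
@dataclass
class Verdict:
    src_ip: str
    action: str  # "block" or "alert"
    reason: str


def evaluate(src_ip: str, payload: bytes, conns_per_min: int,
             baseline: AnomalyBaseline) -> list[Verdict]:
    """Signature hits are blocked outright (known-bad). Anomaly hits only raise
    an alert, because a deviation from the baseline may be a false positive."""
    verdicts = []
    for rule in signature_matches(payload):
        verdicts.append(Verdict(src_ip, "block", f"signature {rule}"))
    if baseline.is_anomalous(conns_per_min):
        z = baseline.score(conns_per_min)
        verdicts.append(Verdict(src_ip, "alert", f"rate {conns_per_min}/min, z={z:.1f}"))
    return verdicts


# Constructed benign history: connections per minute observed from one host.
TRAINING_COUNTS = [10, 12, 9, 11, 10, 13, 11, 10]


def demo() -> list[Verdict]:
    """Run the engine over three constructed events and return the verdicts."""
    baseline = AnomalyBaseline(z_threshold=3.0)
    baseline.fit(TRAINING_COUNTS)
    # Constructed events: (src_ip, payload, connections in the last minute)
    events = [
        ("192.0.2.10", b"GET /index.html HTTP/1.1", 11),              # benign
        ("192.0.2.11", b"GET /item?id=1 UNION SELECT user,pw", 11),  # known-bad
        ("192.0.2.12", b"GET /index.html HTTP/1.1", 300),            # novel rate spike
    ]
    results = []
    for src, payload, rate in events:
        results.extend(evaluate(src, payload, rate, baseline))
    return results


if __name__ == "__main__":
    for v in demo():
        print(v.action.upper(), v.src_ip, v.reason)
```

Running the module prints one BLOCK for the host whose request matched a signature and one ALERT for the host whose connection rate is far outside the learned baseline; the benign host produces nothing. The rate spike would not be caught by the signature table at all, which is the zero-day case the text credits to anomaly detection, while the signature hit needs no baseline and is safe to block automatically.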
The technology can also provide preemptive intrusion prevention for internal threats and potentially compromised systems, allowing the IDPS to respond with immediate remedial action and prevent exploitation of the network and the systems behind it.