An Intrusion Prevention system (IPS) is helps organizations in identifying malicious traffic and proactively blocks such traffic from entering their network. Products using IPS technology can be deployed in-line to monitor incoming traffic and inspect that traffic for vulnerabilities and exploits, and if detected then take appropriate action as defined in the security policy such as blocking access, quarantining hosts or block access to external websites that might result in a potential breach.
|
FortiGuard offers a comprehensive security-driven network security service that delivers an industry-validated IPS service to enterprises. Purpose-built for enterprises and designed to deliver superior security efficacy and the industry’s best IPS performance. Powered by the AI/ML-driven threat intelligence from FortiGuard Labs.
VoirAn IPS security service is typically deployed “in-line” where they sit in the direct communication path between the source and the destination, where it can analyze in “real-time” all the network traffic flow along that path and take automated preventive action. The IPS can be deployed anywhere in the network but their most common deployments are:
An IPS can be deployed as a best of breed, standalone IPS or the same capability can be turned on in the consolidated IPS function inside a next-generation firewall (NGFW). An IPS uses signatures which can be both vulnerability or exploit specific to identify malicious traffic, Typically, these are either signature-based detection or statistical anomaly-based detection to identify malicious activity.
Once IPS identifies the malicious traffic that can be network exploitable it deploys what is known as a virtual patch for protection. Virtual patch, acts as a safety measure against threats that exploit known and unknown vulnerabilities. Virtual patch works by implementing layers of security policies and rules that prevent and intercept an exploit from taking network paths to and from a vulnerability, thereby offering coverage against that vulnerability at the network level rather than the host level.
While IDS systems monitor the network and send alerts to network administrators about potential threats, IPS systems take more substantial actions to control access to the network, monitor intrusion data, and prevent attacks from developing.
IPS was the evolution of Intrusion Detection System (IDS). IDS technology uses the same concept of identifying traffic and some of the similar techniques with the major difference being that IPS are deployed “in-line” and IDS are deployed “off-line” or on tap where they still inspect a copy of the entire traffic or flow but cannot take any preventive action. IDS are deployed to only monitor and provide analytics and visibility into the threats on the network.
FortiGuard IPS security service is available for NGFW (hardware, virtual machine, as-a-service) FortiClient, FortiProxy, FortiADC and our Cloud Sandbox. Add our OT and IoT services to get even more granular protection for operational technology and IoT devices.
FortiGuard IPS with NGFW offers the following:
