In the ever-changing field of cybersecurity, understanding industry terms and technologies is required. Two technologies included in this category are Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). IT professionals should know the difference between the two and how they operate. This knowledge is needed to keep your network secure from hackers.
IDS and IPS systems are two parts of network infrastructure that detect and prevent intrusions by hackers. Both systems compare network traffic and packets against a database of cyber threats. The systems then flag offending packets.
The primary difference between the two is that one monitors while the other controls. IDS systems don’t actually change the packets. They just scan the packets and check them against a database of known threats. IPS systems, however, prevent the delivery of the packet into the network.
IDS and IPS definitions:
- Intrusion Detection Systems (IDS): IDS systems monitor and analyze network traffic for packets and other signs of network invasion. The system then flags known threats and hacking methods. IDS systems detect port scanners, malware, and other violations of system security policies.
- Intrusion Prevention Systems (IPS): IPS systems reside in the same area as a firewall, between the internal network and the outside internet. If the IDS system flags something as a threat, the IPS system denies the malicious traffic. If the traffic represents a known threat in the databases, the IPS will shut the threat out and not deliver any malicious packets.
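The monitor-versus-control difference described above, as an added example that is not part of the original article: a toy inspector runs the same threat checks in both modes, and only the IPS mode withholds flagged packets from delivery. The signature names, scan threshold, function name and sample packets are all constructed for illustration.

```python
from collections import defaultdict

# Constructed signature database: byte patterns standing in for known threats.
SIGNATURES = {
    "SIG-001 test malware marker": b"EVIL_PAYLOAD",
    "SIG-002 path traversal": b"../../etc/passwd",
}
SCAN_THRESHOLD = 3  # assumed: this many distinct ports from one source = port scan


def inspect(packets, mode):
    """Run the same detection over packets in 'ids' or 'ips' mode.

    Returns (delivered, alerts). In IDS mode every packet is delivered
    unchanged; in IPS mode flagged packets are dropped before delivery.
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    ports_seen = defaultdict(set)  # source IP -> destination ports contacted
    delivered, alerts = [], []
    for pkt in packets:
        src, dport, payload = pkt
        reasons = [name for name, pat in SIGNATURES.items() if pat in payload]
        ports_seen[src].add(dport)
        if len(ports_seen[src]) >= SCAN_THRESHOLD:
            reasons.append("port scan")
        alerts.extend((src, dport, reason) for reason in reasons)
        if reasons and mode == "ips":
            continue  # inline control: the packet never reaches the network
        delivered.append(pkt)  # passive monitoring: traffic flows regardless
    return delivered, alerts


# Constructed sample traffic: (source IP, destination port, payload)
SAMPLE = [
    ("10.0.0.5", 443, b"GET /index.html"),
    ("203.0.113.9", 80, b"GET /../../etc/passwd"),
    ("198.51.100.7", 21, b""),
    ("198.51.100.7", 22, b""),
    ("198.51.100.7", 23, b""),
    ("198.51.100.7", 25, b""),
    ("10.0.0.5", 443, b"POST /login"),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        delivered, alerts = inspect(SAMPLE, mode)
        print(mode, "delivered:", len(delivered), "alerts:", len(alerts))
```

Both modes raise the same alerts; the difference is only in what reaches the internal network, which is why an IDS needs someone to act on its alerts while an IPS acts on its own.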
Some manufacturers of IDS and IPS technologies merge the two into one solution. This solution is known as Unified Threat Management (UTM).