23 December 2019

How do Intrusion Detection/Prevention Systems work?

Written by Seqrite

Enterprises mainly use two types of systems to deal with network intrusions – the Intrusion Detection System (IDS) and the Intrusion Prevention System (IPS). While the two systems are broadly similar, it is important to understand the major aspects which distinguish them.

Intrusion Detection Systems (IDS) monitor and analyze events on the network to detect possible incidents of trespassing or violation of security policy. This is mainly a reactive process: all incoming and outgoing network activity is monitored, and any sign of an intrusion that could jeopardize the business is flagged. Its main function is to raise an alert when it discovers such activity, which is why it is commonly described as a passive monitoring system.

IDS uses the following techniques to detect attacks:

Signature-Based Detection

Through this method, IDS detects an attack by matching observed events against a database of patterns, or signatures, each of which corresponds to a known type of attack. For example, an IDS would flag an email with a subject line such as ‘Free pics’ if that subject line is a recorded signature of a malware campaign. This kind of detection is effective against attacks whose signatures are already recorded in the system, and correspondingly blind to attacks for which no signature exists yet.

Anomaly-Based Detection

In the anomaly-based detection method, IDS matches network activity against a profile of normal activity. When observed activity deviates from this normal profile, the system can flag it. For example, an IDS will raise an incident when it observes a volume of data flowing over the network that is considerably higher than the normal pattern. The profile must, however, be continuously updated, since a stale profile produces false positives as legitimate traffic drifts.
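To make the two techniques concrete, here is a small detection engine written for this article; it is an added example, not Seqrite's code or part of any product described here. The event format, the signature rules (the first mirrors the ‘Free pics’ subject-line example above), the IP addresses and the byte counts are all constructed. Signature detection is a pattern match against the payload; anomaly detection keeps a per-port baseline of bytes transferred and flags anything above the mean plus three standard deviations, and events judged normal are folded back into the profile so that it keeps tracking the traffic, which is the upkeep the paragraph above calls for.

```python
import re
import statistics
from dataclasses import dataclass


@dataclass
class Event:
    """One observed flow or message (constructed record format for this example)."""
    src: str
    dst: str
    dport: int
    nbytes: int
    payload: str = ""


# Signature rules, constructed for this example: a rule name and a pattern that
# corresponds to a known attack or malspam campaign.
SIGNATURES = [
    ("known-malspam-subject", re.compile(r"^Subject:\s*Free pics\b", re.I | re.M)),
    ("path-traversal", re.compile(r"(\.\./){2,}")),
]


def signature_matches(event):
    """Names of all signatures whose pattern is present in the event payload."""
    return [name for name, rx in SIGNATURES if rx.search(event.payload)]


class AnomalyDetector:
    """Per-destination-port volume baseline: flag bytes above mean + k * stdev."""

    def __init__(self, k=3.0, min_samples=5):
        self.k = k
        self.min_samples = min_samples
        self.samples = {}  # dport -> byte counts considered normal

    def learn(self, event):
        self.samples.setdefault(event.dport, []).append(event.nbytes)

    def threshold(self, dport):
        data = self.samples.get(dport, [])
        if len(data) < self.min_samples:
            return None  # no usable profile yet: never guess a threshold
        return statistics.fmean(data) + self.k * statistics.pstdev(data)

    def is_anomalous(self, event):
        t = self.threshold(event.dport)
        return t is not None and event.nbytes > t


def analyze(events, detector):
    """Run both techniques; return (kind, name, event) alerts in arrival order.
    Events judged normal are learned so the profile follows traffic drift."""
    alerts = []
    for ev in events:
        for name in signature_matches(ev):
            alerts.append(("signature", name, ev))
        if detector.is_anomalous(ev):
            alerts.append(("anomaly", f"volume>{detector.threshold(ev.dport):.0f}B", ev))
        else:
            detector.learn(ev)
    return alerts


def build_baseline():
    """Constructed training window: ten ordinary HTTPS flows of about 1000 bytes."""
    det = AnomalyDetector()
    for n in (900, 1000, 1100, 950, 1050, 1000, 980, 1020, 1010, 990):
        det.learn(Event("10.0.0.5", "203.0.113.10", 443, n))
    return det


# Constructed test traffic: one benign flow, one oversized flow, one malspam mail.
SAMPLE_EVENTS = [
    Event("10.0.0.5", "203.0.113.10", 443, 1100),
    Event("10.0.0.7", "203.0.113.10", 443, 1200),
    Event("198.51.100.9", "10.0.0.25", 25, 600,
          payload="From: a@example.test\nSubject: Free pics\n\nclick here"),
]

if __name__ == "__main__":
    for kind, name, ev in analyze(SAMPLE_EVENTS, build_baseline()):
        print(f"{kind:9} {name:24} {ev.src} -> {ev.dst}:{ev.dport} ({ev.nbytes} B)")
```

Running it produces one anomaly alert for the 1200-byte flow and one signature alert for the mail; the 1100-byte flow stays under the threshold and is absorbed into the baseline. Note how the port-25 event has no profile at all, so the anomaly branch abstains rather than guess, and only the signature fires; the `min_samples` guard is what separates "normal" from "never seen before".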

Intrusion Prevention Systems (IPS) are a step forward from IDS in terms of capabilities. Where IDS is a reactive mechanism, IPS is proactive and attempts to go one step beyond detection, actively seeking to prevent the detected threat from succeeding. It is an active control mechanism that sits in the path of network traffic. It identifies and averts vulnerability exploits in the form of malicious inputs that intruders use to interrupt, or gain control of, an application or a system.

IPS technologies attempt to stop a detected attack from succeeding through actions such as the following:

Terminating network connection

The IPS can attempt to stop a detected attack within the network by terminating the connection being used for the attack and blocking the offending account's further access to the target.

Automating security controls

On detection of an attack, or of vulnerabilities within a host, an IPS can attempt to prevent damage by applying preset automated security controls, such as downloading patches or reconfiguring the settings of a firewall.

Attempt to make the attack benign

An IPS can attempt to tackle an attack by trying to make it benign, like removing a malicious attachment from a mail.
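The three response actions above can be shown side by side with a small inline component; it is an added example for this article, not Seqrite's code or the behaviour of any product named here. The detection record shape, the rule names and addresses, and the sample mail are constructed; the firewall rule is only emitted as a string, not executed. A detection is mapped to one of the article's actions: terminate the flow and block the source (with a host-firewall rule generated as the preset control), sanitize a mail by stripping its attachments using Python's standard `email` module, or merely alert, which is what a plain IDS would do.

```python
import email
import email.policy
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    ALERT_ONLY = "alert"      # IDS behaviour: log and raise an alert only
    TERMINATE = "terminate"   # drop the flow and block the source afterwards
    SANITIZE = "sanitize"     # pass the message on without its attachments


@dataclass
class Detection:
    """What a detection engine hands to the inline component (constructed shape)."""
    kind: str          # "signature" or "anomaly"
    name: str          # rule name, constructed for this example
    src: str
    payload: str = ""


def strip_attachments(raw_mail):
    """Remove attachment parts from a MIME message and return it re-serialised."""
    msg = email.message_from_string(raw_mail, policy=email.policy.default)
    if msg.is_multipart():
        kept = [p for p in msg.get_payload() if not p.is_attachment()]
        msg.set_payload(kept)
    return msg.as_string()


def attachment_names(raw_mail):
    """File names of the parts the email module classifies as attachments."""
    msg = email.message_from_string(raw_mail, policy=email.policy.default)
    return [p.get_filename() for p in msg.iter_attachments()]


@dataclass
class InlinePreventer:
    blocked_sources: set = field(default_factory=set)
    firewall_rules: list = field(default_factory=list)

    def decide(self, det):
        """Policy mapping a detection to one of the article's response actions."""
        if det.name == "known-malspam-subject":
            return Action.SANITIZE
        if det.kind == "anomaly" or det.name == "path-traversal":
            return Action.TERMINATE
        return Action.ALERT_ONLY

    def handle(self, det):
        """Apply the chosen action; returns (action, payload to forward or None)."""
        action = self.decide(det)
        if action is Action.TERMINATE:
            self.blocked_sources.add(det.src)
            # Preset control: emit (never execute here) a host-firewall drop rule.
            self.firewall_rules.append(f"iptables -I INPUT -s {det.src} -j DROP")
            return action, None
        if action is Action.SANITIZE:
            return action, strip_attachments(det.payload)
        return action, det.payload

    def allow(self, src):
        """Connection gate consulted for every new flow after a block decision."""
        return src not in self.blocked_sources


# Constructed sample mail: a text body plus an executable attachment.
RAW_MAIL = """\
From: sender@example.test
To: victim@example.test
Subject: Free pics
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Check out the attached pics!
--BOUNDARY
Content-Type: application/octet-stream; name="pics.exe"
Content-Disposition: attachment; filename="pics.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--BOUNDARY--
"""

if __name__ == "__main__":
    ips = InlinePreventer()
    action, cleaned = ips.handle(Detection("signature", "known-malspam-subject",
                                           "198.51.100.9", RAW_MAIL))
    print(action, "attachments left:", attachment_names(cleaned))
    action, _ = ips.handle(Detection("anomaly", "volume>1179B", "10.0.0.7"))
    print(action, "allowed now:", ips.allow("10.0.0.7"), ips.firewall_rules)
```

The sanitize path keeps the text body and drops only the parts the `email` module classifies as attachments, so the recipient still gets a readable message; the terminate path records the source so that later flows from it are refused by `allow()`. A real deployment would hang `allow()` off the connection handler and hand the generated rule to an actual firewall, but the decision logic is the part the article is describing.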

Seqrite’s Unified Threat Management (UTM) offers a one-stop solution for all enterprise security needs which includes intrusion detection and prevention as a standard feature.

UTM’s in-built IDS and IPS components keep enterprises safe by:

  • Monitoring, evaluating and catching threats in real-time
  • Preventing Denial of Service (DoS)/Distributed Denial of Service (DDoS) attacks
  • Preventing the discovery of open ports by attackers

Seqrite UTM’s IPS acts as a security barrier against unwanted intrusions into your network and forestalls a broad range of DoS and DDoS attacks before they penetrate the network. Deploying this level of protection can benefit an enterprise in various ways, including:

  • Providing a snapshot of network security at one glance
  • Protection of enterprise assets within the network
  • Triggers raised on detection of any suspected breach or activity in the network
  • A holistic approach towards prevention of intrusions
