Integrity360’s Managed Intrusion Prevention Systems (IPS) and Managed Intrusion Detection Systems (IDS) prevent and detect intrusions from unwanted and potentially harmful traffic on a company’s network. Where firewalls look at traffic alone, an IPS/IDS looks at the content within the traffic and takes action.
Integrity360's Managed IPS
- Detects signs of intrusion in networks/systems and takes action
- Analyses traffic and automatically carries out predefined actions if something suspicious is detected. Actions include: drop traffic, block traffic, allow.
- It may block by default
- Managed IPS requires tuning on a regular basis to ensure the system knows what to look for and that legitimate traffic is not being blocked
- Over time there will be fewer alerts as the Managed IPS is fine-tuned to what is expected.
Integrity360's Managed IDS
- Monitors logs and sends alarms; it does not automatically fix issues. An Integrity360 security analyst analyses the logs and decides whether an alert is a real risk or a false positive and, if real, how it needs to be actioned.
- This service is very hands-on and more intensive than IPS.
- Managed IDS doesn’t block by default.
- Managed IDS requires more skilled people to monitor the logs on a regular basis.
IPS/IDS can generate large numbers of alerts, even when consistently tuned. These alerts need to be monitored continuously to ensure they are escalated and investigated further when necessary and also that alerts are dismissed in the event of a false positive.
A huge amount of research is required to determine the status of alerts and gauge if they are suspicious or not. The key to keeping alerts within manageable levels is continuous tuning to remove false positives.
This depends on your risk profile, how sensitive your data is, what you are protecting and the size of your business. Every enterprise company should have an IPS in place, as it is the next line of security after firewalls and antivirus.
We would recommend this service if you answer NO to any of the following questions:
- Do you maintain your logs for six months?
- Do you monitor your logs?
- Do you understand your logs?
- Can you report on the traffic entering your network?
- Strengthens your defences
- Stops common attacks
- Produces reports based on an analysis of your network. We also understand your logs and can take the necessary action.
- Complements firewall protection, further securing your network