Intrusion Detection and Prevention

By Lisa Gecko

Intrusion detection and prevention systems (IDPS) fill an important gap in IT security: even a current, well-configured firewall is not designed to catch certain classes of threats. A well-implemented IDPS matters for any organization that communicates over the internet, whether its data centers are in-house, entirely in the cloud, or a hybrid of the two. For companies looking to take advantage of everything the cloud has to offer, it is important to work with cloud service providers (CSPs) that include strong security measures in any package. The top tier of CSPs run current IDPS infrastructure that protects clients around the clock, so businesses evaluating cloud solutions should favor a CSP that has made the necessary investment in IDPS capability.

Another factor to consider when looking at cloud-based solutions is expense. Enterprise-grade IDPS appliances, together with the licensing, signature subscriptions, and tuning they require, are costly enough that many companies choose instead to accept the risk of relying on firewalls alone, which cannot recognize, for example, the latest malware families. By working with a CSP that runs dedicated IDPS infrastructure, a company gains access to that protection and significantly improves its security posture without taking on the capital outlay, and it also gains the increase in computing power and service flexibility that comes with the platform.

To understand the difference between a firewall and an IDPS, it helps to picture the firewall as the company building. The building has entrances and exits, and the security checks at various points grant different levels of access. The problem is that a traditional firewall does not look at what anyone is carrying into or out of the building: it decides based on source and destination addresses, ports, and connection state, so if a connection follows the permitted protocol, everything is fine as far as the firewall is concerned. (Next-generation firewalls blur this line by adding some payload inspection, but the basic division still holds.) This is where an IDPS picks up the slack. An IDPS inspects the contents of the traffic itself, exposing, logging, and, when deployed inline as a prevention system, blocking threats that ride inside the payload, above the network and transport layers the firewall rules on. A well-implemented IDPS also learns over time what "normal" network traffic looks like, so it can identify anomalies and take the necessary action against the threat.

To expand a bit further, an IDPS acts like heightened security outside the building. In some ways it behaves just like the firewall, but it can also "sniff out" undesirables by continuously inspecting all traffic to and from the network, all the way up to the application layer. It does this in two ways: it matches traffic against signatures of known attacks, and, much like a human guard, it goes through a learning period in which it establishes a baseline of normal activity and can then flag deviations from that baseline that a firewall would miss. The second, anomaly-based approach is what helps against radically new malware or "zero-day" threats, though it also produces false positives until the baseline is tuned, which is why an IDPS needs ongoing attention rather than a one-time installation.
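The firewall-versus-IDPS distinction described in the two paragraphs above, as an added worked example (this is illustrative code written for this page, not code from the article or from any product): a port-based firewall check lets every HTTP request through, while a small detector applies signature matching to the decoded request payload and an anomaly check against a learned per-source request-rate baseline. The access-log records, IP addresses, signatures, and the three-sigma threshold are all constructed assumptions for the demonstration.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Constructed sample records: (source IP, destination port, request path).
# Every record here is TCP/80, so a port-based firewall rule permits all of it.
TRAINING_WINDOW = (
    [("10.0.0.1", 80, "/index.html")] * 4
    + [("10.0.0.2", 80, "/about")] * 5
    + [("10.0.0.3", 80, "/products?id=7")] * 6
    + [("10.0.0.4", 80, "/cart")] * 5
    + [("10.0.0.5", 80, "/login")] * 5
)

OBSERVED_WINDOW = (
    [("10.0.0.1", 80, "/index.html")] * 5
    + [("10.0.0.2", 80, "/about")] * 4
    # URL-encoded SQL injection probe: decodes to /products?id=7' OR 1=1--
    + [("203.0.113.9", 80, "/products?id=7%27%20OR%201%3D1--")]
    # Directory traversal attempt.
    + [("203.0.113.9", 80, "/../../../../etc/passwd")]
    # A source hammering /login far above the learned baseline.
    + [("198.51.100.7", 80, "/login")] * 40
)

ALLOWED_PORTS = frozenset({80, 443})

# Hypothetical signatures; a real IDPS ships thousands of these.
SIGNATURES = [
    ("sql-injection", re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+", re.I)),
    ("path-traversal", re.compile(r"(\.\./){2,}")),
]


def firewall_allows(dst_port):
    """Stateless port filter: the firewall's whole decision in this model."""
    return dst_port in ALLOWED_PORTS


def signature_alerts(records):
    """Match each decoded request path against known-attack patterns.

    Decoding before matching matters: the encoded form of the SQL probe
    would slip past a pattern that only looks for a literal quote.
    """
    alerts = []
    for src, _port, path in records:
        decoded = unquote(path)
        for name, pattern in SIGNATURES:
            if pattern.search(decoded):
                alerts.append((src, name, decoded))
    return alerts


def learn_baseline(training):
    """Learn per-source request counts: mean and population std. deviation."""
    counts = Counter(src for src, _port, _path in training)
    values = list(counts.values())
    return statistics.mean(values), statistics.pstdev(values)


def anomaly_alerts(records, baseline, k=3.0, min_sd=1.0):
    """Flag sources whose request count exceeds mean + k * sd.

    min_sd floors the deviation so a very uniform training set does not
    turn every small fluctuation into an alert.
    """
    mean, sd = baseline
    threshold = mean + k * max(sd, min_sd)
    counts = Counter(src for src, _port, _path in records)
    return [(src, n) for src, n in counts.items() if n > threshold]


def inspect(records, baseline):
    """Run the firewall check first, then IDPS inspection on what it passed."""
    passed = [r for r in records if firewall_allows(r[1])]
    return {
        "firewall_dropped": len(records) - len(passed),
        "signature": signature_alerts(passed),
        "anomaly": anomaly_alerts(passed, baseline),
    }


if __name__ == "__main__":
    result = inspect(OBSERVED_WINDOW, learn_baseline(TRAINING_WINDOW))
    print("dropped by firewall:", result["firewall_dropped"])
    for alert in result["signature"]:
        print("signature:", alert)
    for src, n in result["anomaly"]:
        print("anomaly: %s made %d requests" % (src, n))
```

Running the block shows the point of the analogy: the firewall drops nothing, because every request arrived on a permitted port, while the IDPS layer surfaces the two payload-level probes and the abnormal request rate. Note that the anomaly check only knows "more than usual", not "malicious"; a legitimate traffic spike from one source would trip it just the same, which is the tuning burden the text refers to.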

There are additional fiscal advantages to a cloud move beyond avoiding the IDPS hardware itself. Even if the appliances were affordable as an in-house purchase, there would be substantial ongoing operating costs for maintenance, support, and signature updates. The security engineers with the expertise needed to monitor and fine-tune an IDPS would be a costly commitment on their own. By moving workloads to the cloud, a company can benefit from a CSP that already has the knowledge, experience, and infrastructure, at a fraction of the cost.

Given the ever-changing landscape of internet security, the executives responsible for major IT decisions must find the picture maddening at times. While it is only a matter of time until cloud solutions are the norm, the jump is understandably daunting for many companies. One important question is whether a CSP has invested in security measures the organization could not otherwise afford. There is a range of quality among CSPs, just as in any other business, and the few at the top have continued, and will continue, to invest heavily in the latest IDPS capability and other next-generation security. One caveat applies under any provider's shared-responsibility model: the CSP's IDPS protects the provider's platform and network, while the configuration and monitoring of the customer's own workloads remain the customer's job.