Notes on purchasing an Intrusion Detection System and Intrusion Prevention System

Source: Internet
Author: User

Enterprises today have many options for protecting their networks from external attacks. A firewall, for example, is a good first choice: in most cases it can distinguish abnormal packets, so timely measures can be taken before a problem develops.

For most enterprises, however, an IDS is the best choice for fully isolating potential threats. Intrusion detection and prevention is generally deployed alongside the enterprise's first-line firewall and consists of the following two basic layers:

Intrusion Detection System (IDS): this system analyzes incoming traffic looking for abnormal conditions. If it detects abnormal traffic, it sends an alert to the administrator so that the administrator can take timely measures to stop the ongoing abnormal behavior. In addition, an intrusion detection system can disable some automatically running functions on the network in order to protect it.

Intrusion Prevention System (IPS): an intrusion prevention system is similar to an intrusion detection system, but an IPS generally blocks threats immediately, for example by promptly blocking access from an IP address or user, rather than merely issuing alerts. Some IPS products also use behavior analysis to detect and block potentially threatening data. An IPS is generally regarded as an active system, in contrast to an IDS, which generally takes only passive action.

IDS and IPS products offer rich configuration options to meet specific intrusion detection needs. The following are the main categories of industry-leading intrusion detection products:

Network Intrusion Detection and Prevention (NIDP): this is the most common use of intrusion detection and prevention technology, providing network-level protection. In principle, a single IDS or IPS installed on a large network port can scan all traffic, but such a design degrades the performance of the entire network; the coverage comes at the cost of network performance. Therefore, to monitor the traffic of the various devices on the network effectively, the usual practice is still to deploy intrusion detection and prevention at strategic points on different levels of the network.

Host Intrusion Detection and Prevention (HIDS): some enterprises install these systems on critical hosts or devices in the network. This kind of intrusion detection system inspects the packets of outbound and inbound flows, but only the traffic that passes through the devices on which it is installed.

Signature-based intrusion detection and prevention (SBIP): this kind of intrusion detection system is very effective at detecting viruses and other forms of malware. The product compares all incoming traffic with the known threats in its database and then reaches a verdict. Like anti-virus software, this technology relies on virus signatures and cannot cope with the endless stream of "zero-day attacks". It is, however, quite satisfactory at dealing with known threats, which is why it is so popular.

Anomaly-based intrusion detection and prevention (ABIP): this kind of intrusion detection and prevention treats anything that deviates from normal behavior as a natural suspect. It continuously monitors network traffic and compares it with known normal behavior. Any network bandwidth, connection port, or device associated with abnormal behavior triggers an alert, and appropriate measures are taken to keep the whole network healthy. It can effectively cope with the DDoS attacks that enterprises face, in which a large number of computers access the same website at once and bring it down.
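As an added example (not part of the original article), the two detection approaches contrasted above, a signature match against a known-threat database and a behavior baseline that flags a source whose connection count deviates from normal, run over constructed sample traffic. The signatures, addresses and threshold below are assumptions, not vendor rules.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample traffic as (src_ip, dst_port, payload) tuples; not real captures.
# Training set: 20 hosts, 3 requests each, representing normal behavior.
BASELINE_TRAFFIC = [("10.0.0.%d" % i, 80, b"GET /index.html") for i in range(1, 21)] * 3
# Test set: some normal traffic, one known-bad payload, one novel payload, one flood.
TEST_TRAFFIC = BASELINE_TRAFFIC[:10] + [
    ("10.0.0.5", 80, b"GET /../../etc/passwd"),      # matches a signature
    ("10.0.0.9", 22, b"SSH-2.0-client"),             # no signature: a "zero-day" is missed
] + [("203.0.113.7", 80, b"GET /") for _ in range(60)]  # one source flooding: anomaly

# Known-threat database (constructed placeholder signatures).
SIGNATURES = {
    "SIG-001 path traversal": b"../../",
    "SIG-002 shell reference": b"/bin/sh",
}

def signature_alerts(packets):
    """Signature-based: flag every packet whose payload contains a known-bad pattern."""
    alerts = []
    for src, port, payload in packets:
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                alerts.append((name, src, port))
    return alerts

def learn_baseline(packets):
    """Anomaly-based, training phase: mean and stdev of packets per source under normal load."""
    values = list(Counter(src for src, _, _ in packets).values())
    return mean(values), pstdev(values)

def anomaly_alerts(packets, baseline, k=3.0):
    """Anomaly-based, detection phase: sources sending more than mean + k*stdev packets.

    A minimum spread of 1 packet is enforced so a perfectly uniform baseline
    (stdev 0) does not flag every tiny fluctuation.
    """
    mu, sigma = baseline
    threshold = mu + k * max(sigma, 1.0)
    counts = Counter(src for src, _, _ in packets)
    return sorted((src, n) for src, n in counts.items() if n > threshold)

if __name__ == "__main__":
    print("signature alerts:", signature_alerts(TEST_TRAFFIC))
    print("anomaly alerts:", anomaly_alerts(TEST_TRAFFIC, learn_baseline(BASELINE_TRAFFIC)))
```

The flood source is caught only by the anomaly detector, while the path-traversal payload is caught only by the signature match; the novel payload on port 22 raises nothing from either, which is the blind spot the article attributes to signature-only products.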

There are many such products on the market, with real differences between them. An enterprise must not buy blindly, or the purchase will be counterproductive; select the product that best suits the enterprise: not the most expensive one, but the most suitable one. Large vendors such as IBM, Cisco, TippingPoint and Juniper are good choices, as are domestic vendors such as Qiming Xingxing, lumeng technology and H3C, and the open-source IDP products Snort and Prelude Hybrid IDS. The final choice of intrusion detection product still has to be made by the user according to their actual situation.


The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.