Intrusion Prevention Systems (IPS) have been with us for quite some time, and the technology has evolved over the decades. A sharp distinction used to be drawn between IPS and Intrusion Detection Systems (IDS): an IDS watches a copy of the traffic and raises alerts, while an IPS sits inline and can block what it sees. These days, both functions tend to ship in the same product.
IPS, then, refers to software or hardware that provides network security by keeping attackers from breaking in. These tools continuously monitor network activity, look for suspicious or malicious behavior, and take action to detect and prevent incursions or damage, typically by dropping the offending packets or resetting the connection. There are several different ways to implement IPS technology.
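The following is an added example, not code from the original article or from any product it mentions. It shows the IDS/IPS distinction in miniature: a small signature engine inspects constructed HTTP packets and, in passive (IDS) mode, only alerts, while in inline (IPS) mode it drops matches whose signature action is "drop". The packets, signature IDs and patterns are all constructed for illustration.

```python
"""Minimal inline inspection engine illustrating IDS (alert) vs IPS (drop).

Added example; packets, signature ids and patterns below are constructed
for illustration and do not come from any real ruleset.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Pattern, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    sid: int                    # hypothetical signature id
    name: str
    dport: Optional[int]        # None = match on any destination port
    pattern: Pattern            # compiled regex applied to the payload
    action: str                 # "alert" (log only) or "drop" (block when inline)


# Constructed signatures: two block rules and one alert-only rule.
SIGNATURES = [
    Signature(1001, "SQL injection tautology", 80,
              re.compile(rb"(?i)'\s*or\s+1\s*=\s*1"), "drop"),
    Signature(1002, "Path traversal", 80,
              re.compile(rb"\.\./\.\./"), "drop"),
    Signature(1003, "Scanner user agent", 80,
              re.compile(rb"User-Agent:\s*sqlmap"), "alert"),
]


def inspect(pkt: Packet, signatures=SIGNATURES, inline: bool = True) -> Tuple[str, List[Signature]]:
    """Return (verdict, matched_signatures).

    verdict is "pass" (no match), "alert" (forward but log) or "drop" (block).
    In passive IDS mode (inline=False) nothing is ever dropped: a "drop"
    signature still only produces an alert, because the sensor is off-path.
    """
    matches = [s for s in signatures
               if (s.dport is None or s.dport == pkt.dport)
               and s.pattern.search(pkt.payload)]
    if not matches:
        return "pass", []
    if inline and any(s.action == "drop" for s in matches):
        return "drop", matches
    return "alert", matches


def run(packets: List[Packet], inline: bool = True) -> dict:
    """Inspect a batch and return verdict counts, e.g. {"pass": 1, "drop": 2}."""
    counts = {"pass": 0, "alert": 0, "drop": 0}
    for pkt in packets:
        verdict, _ = inspect(pkt, inline=inline)
        counts[verdict] += 1
    return counts


# Constructed sample traffic.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.1", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n"),
    Packet("10.0.0.6", "10.0.0.1", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.7", "10.0.0.1", 80, b"GET /login?u=a' OR 1=1-- HTTP/1.1\r\n"),
    Packet("10.0.0.8", "10.0.0.1", 80, b"GET / HTTP/1.1\r\nUser-Agent: sqlmap/1.0\r\n"),
    Packet("10.0.0.9", "10.0.0.1", 443, b"GET /../../etc/passwd HTTP/1.1\r\n"),  # wrong port: no match
]

if __name__ == "__main__":
    print("IPS (inline):", run(SAMPLE, inline=True))
    print("IDS (passive):", run(SAMPLE, inline=False))
```

The same signature set produces very different outcomes depending on placement: inline, two of the five packets are blocked; off-path, all five are forwarded and the sensor can only tell you afterwards.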
Here are five of the key trends in the IPS market:
1. AI integration
Artificial intelligence (AI) pervades every aspect of life, and it is filtering into a wide range of security tools, including the IPS.
AI takes much of the drudgery out of running an IPS: rather than a human sifting through logs, a model learns what normal network behavior looks like and flags deviations from it, automating many of the detection steps.
“AI has an important role to play in cybersecurity because it relies on the expertise of its designers to generalize their knowledge and automate decision-making,” said Adam Spotton, data science manager, DNS filter.
“However, AI is not something that can be easily deployed as an out-of-the-box solution. Careful consideration must be given to each step of the data collection and training process, so that the model is effective and reliable once it comes out of the lab into a real environment. These considerations include scoping the threat identification problem, collecting data to be able to train it properly, iterative testing and refinement, and interpretation of its results.
When done correctly, AI is a powerful tool that can be used to detect not only existing threats, but also new and evolving ones.
For example, AI-based threat detection has been shown to detect over 60% more domain threats than traditional, manual static threat feeds. IPS vendors are gradually integrating AI into their tools.
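The "learn a baseline, flag deviations" idea behind the AI-assisted detection described above can be shown without any machine-learning library. The block below is an added example, not code from the article or from DNSFilter: it builds a per-host baseline of outbound DNS queries per minute from a constructed training window, then scores live records by z-score. It also handles two edge cases a practitioner hits immediately: a host whose training counts never vary (standard deviation zero, which would otherwise divide by zero) and a host with no baseline at all. Host names, counts and the threshold are all constructed assumptions.

```python
"""Per-host rate baseline with z-score anomaly flagging.

Added example with constructed data; the hosts, counts and threshold are
illustrative assumptions, not measurements from any real network.
"""
import statistics
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed training window: (host, minute, outbound DNS queries in that minute)
TRAINING = [
    ("ws-17", 0, 10), ("ws-17", 1, 12), ("ws-17", 2, 11), ("ws-17", 3, 9),
    ("ws-17", 4, 10), ("ws-17", 5, 12), ("ws-17", 6, 11), ("ws-17", 7, 9),
    ("srv-db", 0, 5), ("srv-db", 1, 5), ("srv-db", 2, 5), ("srv-db", 3, 5),
]

# Constructed live window to score against the baseline.
LIVE = [
    ("ws-17", 60, 13),        # slightly high, within noise
    ("ws-17", 61, 400),       # burst: looks like DNS tunnelling or a DGA
    ("srv-db", 60, 6),        # one extra query on a normally flat host
    ("srv-db", 61, 8),        # three extra on a flat host: worth a look
    ("laptop-new", 60, 15),   # never seen during training
]

Baseline = Dict[str, Tuple[float, float]]   # host -> (mean, population std dev)


def build_baseline(records: List[Tuple[str, int, int]]) -> Baseline:
    """Learn mean and standard deviation of the per-minute count for each host."""
    per_host = defaultdict(list)
    for host, _minute, count in records:
        per_host[host].append(count)
    return {h: (statistics.mean(v), statistics.pstdev(v)) for h, v in per_host.items()}


def score(records: List[Tuple[str, int, int]], baseline: Baseline,
          threshold: float = 3.0, min_std: float = 1.0) -> List[dict]:
    """Return the records that deviate from their host's baseline.

    z = (count - mean) / max(std, min_std). Flooring the std dev at min_std
    means a host whose training counts were perfectly constant is not
    flagged for every +1 (which pure division by zero would do), while a
    real jump is still caught. Hosts without a baseline are escalated rather
    than silently passed, since 'no history' is itself a finding.
    """
    findings = []
    for host, minute, count in records:
        if host not in baseline:
            findings.append({"host": host, "minute": minute, "count": count,
                             "z": None, "reason": "no-baseline"})
            continue
        mean, std = baseline[host]
        z = (count - mean) / max(std, min_std)
        if z >= threshold:
            findings.append({"host": host, "minute": minute, "count": count,
                             "z": round(z, 1), "reason": "rate-anomaly"})
    return findings


def reasons(findings: List[dict]) -> List[Tuple[str, int, str]]:
    """Compact (host, minute, reason) view of the findings, for review."""
    return [(f["host"], f["minute"], f["reason"]) for f in findings]


if __name__ == "__main__":
    base = build_baseline(TRAINING)
    for f in score(LIVE, base):
        print(f)
```

The threshold and std-dev floor are tuning knobs, and that is the point of the quote above: a model that flags "srv-db" every time it makes one extra query will be ignored within a week, while one that needs a 40x burst before it speaks is useless against a slow exfiltration. Both values have to be chosen against real traffic and revisited as it changes.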
2. Integration into larger suites
Just as IPS incorporates more AI capabilities, IPS tools themselves increasingly tend to be integrated into larger overall security suites.
This is part of a larger trend within security. Instead of having separate products for antivirus, anti-malware, spam detection, IPS, IDS, ransomware prevention, firewalls, threat monitoring and security analytics, vendors group them into larger suites. Security Information and Event Management (SIEM) tools, for example, have often added IPS functionality.
“With more anomalous behavior due to the shift to remote working environments, enterprises need expertise in optimizing and tuning SIEM platforms to take advantage of their advanced capabilities,” said Paul Caiazzo, strategic advisor at Avertium, a company offering managed SIEM services including IPS functions.
3. Ransomware Prevention
With ransomware becoming such a threat, organizations are beginning to realize that they need tools in place to prevent a ransomware incursion. And if they do come under attack, they need to detect it as quickly as possible and take corrective action.
“The cost of an attack increases with duration, so identifying threats as early as possible is in an organization’s interest,” said Caiazzo of Avertium.
“Minimizing the impact of a successful ransomware attack requires detecting it as early in the attack as possible.”
That is why there is no time to jump from console to console trying to find out what is going on. IPS functions can therefore be found in a variety of tools marketed as ransomware prevention and detection suites.
Data provided by SIEM, IPS and other systems can be brought together for threat hunting: identifying potential attack vectors before they are exploited, or spotting a subtle attack in its early stages before the encryption phase begins.
4. Extended Perimeter
Perimeter defenses were standard in the heyday of single-function IPS tools. As long as you watched the edge of the network and kept anything from getting in, you were safe. Those days are long gone.
“Many organizations employ a perimeter-focused cybersecurity strategy that has limited or no visibility or control over potential malicious traffic inside the network perimeter, a single layer of defense,” said Caiazzo of Avertium. “This single layer can ultimately become a single point of failure in a security strategy.”
The IPS function around the head office or data center remains vital. But it must be supported by a broader set of capabilities that can handle an increasingly remote and dispersed perimeter, including traffic that never crosses the traditional edge at all. Defense in depth has therefore become the norm: multiple layers of security controls, so that if one layer is defeated another is likely to identify and block the attack.
5. Cloud vs. on-premises IPS
Previously, IPS was installed on-premises and then maintained and managed by internal IT staff. Some such deployments remain.
However, cloud-delivered tools have largely taken over.
Extended Detection and Response (XDR) suites provide broad cloud-based endpoint protection and include IPS capabilities.