IPS and IDS
Characteristics:
An IDS is designed to only provide an alert about a potential incident, which enables a security operations center (SOC) analyst to investigate the event and determine whether it requires further action.
An IPS, on the other hand, takes action itself to block the attempted intrusion or otherwise remediate the incident.
Advantages IDS:
No impact on network
No network impact if there is a sensor failure
No network impact if there is a sensor overload

Disadvantages IDS:
More vulnerable to network security evasion techniques
Response action cannot stop trigger packets
Correct tuning required for response actions

Advantages IPS:
Stops trigger packets
Can use stream normalization techniques

Disadvantages IPS:
Some impact on network
Sensor issues might affect network traffic
Sensor overloading impacts the network

Examples of IPS:
Cisco NGIPS
Corelight and Zeek
Fidelis Network
Snort

Examples of IDS:
Snort
Zeek
Suricata
Sagan