IDS & IPS

IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) are two types of cybersecurity technologies designed to detect and prevent unauthorised access to a computer network or system.

An IDS is a software or hardware system that monitors network traffic for signs of suspicious activity or patterns that indicate a potential attack. It analyses network traffic in real-time, compares it against a set of rules or signatures, and raises alerts if it detects any suspicious activity. The IDS does not actively block traffic but rather sends alerts to the network administrator or security team to take action.

An IPS, on the other hand, is a more advanced system that not only detects suspicious activity but also takes proactive measures to prevent an attack. An IPS uses a combination of signature-based detection, behavioural analysis, and anomaly detection to identify potential threats. If an attack is detected, the IPS will block the traffic and prevent it from reaching the target network or system. In some cases, an IPS can also respond by resetting the connection or blocking the source IP address.

IT for Business recommends the use of both IDS and IPS as two cybersecurity technologies that help protect computer networks and systems from unauthorised access.