Wireless providers are rolling out 5G to power an IoT (Internet of Things) world. The Ericsson Mobility Report, released in November 2021, estimates that by 2027 half of all global mobile subscriptions will be 5G. While faster than ever connectivity and lower latency are welcome, 5G comes with new threats and cybersecurity risks businesses need to know about.
Fortunately, Intrusion Detection Systems and Intrusion Prevention Systems — or IDS/IPS — are invaluable, readily available network security tools for mitigating malicious traffic and suspicious activity. And the benefits of IDS/IPS aren’t limited to vulnerabilities associated with 5G. Read on for a look at how your business can make an Intrusion Detection System and Intrusion Prevention System part of your security management.
First things first: IDS and IPS are actually two different things. Intrusion Detection Systems analyze network traffic to identify signatures matching known cyberattacks. Intrusion Prevention Systems analyze packets, too, but they go a step further by stopping packet delivery based on attack type.
The result? Attack thwarted!
Intrusion Detection Systems can be hosted at the network level or host level and detect anomalies that identify bad actors before a network is damaged. They do this by trying to match known attack signatures to the traffic being monitored and by trying to identify deviations from normal activity. This process allows the IDS to proactively detect DoS attacks and other threats.
Host-based intrusion detection systems are installed on a client computer, while a network-based IDS operates on the network. A network IDS can be deployed as a software application running on hardware — either a server or a network security appliance — but cloud-based IDS is increasingly popular for its ease of use.
The addition of Security Information and Event Management (SIEM) software to an IDS enables network administrators — often part of a company’s Security Operations Center (SOC) — to identify attacks before or as they occur, allowing for faster response times.
And how does an IPS work? IPS solutions, like IDS systems, monitor network traffic for policy violations, malicious activity, and other threats. An IPS has additional threat management value because it also responds to, and stops, threats in real time. Like IDS, IPS can be network-based or host-based. IPS, unlike IDS, can be configured with policy-based rules and “if-then” actions to take when an anomaly is detected.
Intrusion detection systems are distinguished by the detection methods they employ to identify security threats. The most common IDS types are:
- Signature-based IDS (SIDS): matches monitored traffic against signatures of known attacks.
- Anomaly-based IDS (AIDS): flags deviations from a baseline of normal activity.
There are a few types of intrusion prevention systems, too, the most popular being:
The natural follow-up question many people have is: Do you need both intrusion detection and prevention systems?
An IDS passively monitors a network for threats, and an IPS actively stops threats. Ideally you want to stop threats, not just identify them. So why would anyone choose to use an IDS without an IPS? According to OWASP, the primary reason some organizations opt for IDS rather than IPS is that, “... in the event of a false positive (normal activity mistakenly identified as an attack), an IPS will actively stop the normal activity which is likely to negatively impact business functions.” Obviously false positives can be inconvenient, but as OWASP points out, “... with the right amount of overhead, false positives can be successfully adjudicated; false negatives cannot.”
And what's a false negative? OWASP defines a false negative state as, “... the most serious and dangerous state. This is when the IDS identifies an activity as acceptable when the activity is actually an attack.”
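The IDS-versus-IPS trade-off above, as an added toy example (not code from the original post or from any product it names): the same signature and anomaly checks run in detect-only mode and in prevent mode over constructed sample flows, so you can see a false positive only alerting in IDS mode but blocking a legitimate host in IPS mode, and a false negative slipping through both. All hosts, payloads, rule names and the threshold are constructed for the demo.

```python
from collections import Counter

# Constructed sample flows for the demo (source, destination, payload); not real traffic.
FLOWS = [
    ("10.0.0.5", "web", "GET /index.html"),
    ("10.0.0.5", "web", "GET /about.html"),
    ("10.0.0.9", "web", "GET /login?user=admin' OR '1'='1"),  # true positive: SQLi probe
    ("10.0.0.8", "web", "GET /docs/select_from_list.html"),   # benign page with a suspicious name
    ("10.0.0.11", "web", "GET /login?user=admin'--"),          # attack that no rule below covers
] + [("10.0.0.7", "web", "GET /status") for _ in range(60)]   # request flood from one host

# Signature-based detection (SIDS): substrings taken from known attack patterns.
# The second rule is deliberately over-broad so that it produces a false positive.
SIGNATURES = {"sqli-tautology": "' OR '1'='1", "sqli-keyword": "select_from"}
TUNED_SIGNATURES = {"sqli-tautology": "' OR '1'='1"}  # after adjudicating the false positive
RATE_THRESHOLD = 50  # anomaly-based detection (AIDS): requests per source above the baseline


def detect(flows, signatures=SIGNATURES, threshold=RATE_THRESHOLD):
    """What an IDS does: inspect traffic and raise (source, reason) alerts, never act on them."""
    alerts = []
    for src, _, payload in flows:
        for name, pattern in signatures.items():
            if pattern in payload:
                alerts.append((src, "signature:" + name))
    for src, n in Counter(src for src, _, _ in flows).items():
        if n > threshold:
            alerts.append((src, f"anomaly:rate={n}"))
    return alerts


def enforce(flows, mode="ids", signatures=SIGNATURES, threshold=RATE_THRESHOLD):
    """IDS mode delivers everything and only logs; IPS mode applies an if-then rule:
    if a source raised an alert, then drop its traffic. Returns (delivered, alerts, blocked)."""
    alerts = detect(flows, signatures, threshold)
    blocked = {src for src, _ in alerts} if mode == "ips" else set()
    delivered = [f for f in flows if f[0] not in blocked]
    return delivered, alerts, blocked


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        delivered, alerts, blocked = enforce(FLOWS, mode)
        print(mode, "delivered", len(delivered), "of", len(FLOWS), "blocked", sorted(blocked))
    # With the over-broad rule removed, 10.0.0.8 is no longer blocked. 10.0.0.11 was never
    # caught in either run: that is the false negative, invisible until a better rule exists.
    delivered, _, blocked = enforce(FLOWS, "ips", TUNED_SIGNATURES)
    print("ips (tuned)", "delivered", len(delivered), "blocked", sorted(blocked))
```

In IDS mode every flow is delivered and the operator sees three alerts; in IPS mode the benign host 10.0.0.8 is cut off until the over-broad rule is adjudicated, while the uncaught probe from 10.0.0.11 is delivered in every run.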
This is a common question as well. The answer is that the third generation of firewall technology, commonly known as next-generation firewall (NGFW), combines a traditional firewall with other network traffic filtering functions. One of those functions? An intrusion prevention system.
Are you already using OpenVPN Cloud? If so, you have IDS/IPS at your fingertips (literally). OpenVPN Cloud includes Cyber Shield Traffic Filtering.
We looked at the different types of IDS/IPS above — so what kind is Cyber Shield? Well, it operates on a network, so it is a network-based IDS (NIDS). And, because it uses both signature and anomaly detection, it is a signature-based IDS (SIDS) and an anomaly-based IDS (AIDS), too.
Included with OpenVPN Cloud at no extra cost, Cyber Shield Traffic Filtering is an easy-to-use, customizable IDS/IPS feature that protects remote access with:
- Built-in IDS/IPS for Effective, Efficient Intrusion Detection and Prevention: Traffic Filtering automation for reliable protection against malware and ransomware, denial of service, phishing, known threats, and vulnerabilities/exploits that may be overlooked by other security layers or solutions, stopping them before they reach other security controls.
- Multi-pronged Threat Detection and Blocking: The Traffic Blocking feature detects and blocks network threats by category or Threat Level (Levels 1 through 3).
Cyber Shield fortifies protection by letting network admins decide which threats to block. And because cyberthreats are continually evolving, it includes easily accessible reporting with insights that make it simple to fine-tune security measures to mitigate threats.
Ready to take advantage of the Cyber Shield IDS/IPS feature? Step-by-step instructions are available here.