🚀 IPS – Intrusion Prevention System – SASE 🤙

What is IPS?
In a nutshell, IPS is designed to monitor your network for any malicious activity or traffic and block it.

Utilising IPS in conjunction with the SASE framework/architecture allows enterprises to secure the network using cloud infrastructure.

IPS as part of SASE provides security no matter where you are working from, such as office locations, home or HQ.

Signature based IPS 😎

Signature-based IPS relies on a database of well-known malicious activities. The signatures are continually updated, and when traffic matches a specific signature, the IPS will attempt to block that activity. Signature-based IPS has its limitations when dealing with sophisticated attacks.

Network Anomaly IPS 👨‍💻

Anomaly IPS helps address the limitations of signature-based IPS by measuring the network and analysing what a day-to-day ‘normal’ network looks like. This creates a baseline of what is expected, which then allows anomaly IPS to detect any malicious activity.
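
As an added illustration (not from the original post), the baseline idea above can be sketched in Python: learn each host's normal connections-per-minute, then flag observations that deviate from it. The host addresses, sample counts, the z-score method and the threshold of 3 are all assumptions constructed for this example.

```python
from statistics import mean, pstdev

# Constructed sample data: connections per minute, per internal host,
# observed during a period treated as "normal" (the baseline window).
BASELINE_WINDOW = {
    "10.0.0.5": [12, 15, 11, 14, 13, 12, 16, 14],
    "10.0.0.9": [40, 42, 38, 41, 39, 43, 40, 41],
}

def build_baseline(window):
    """Return {host: (mean, stddev)} learned from the normal-traffic window."""
    baseline = {}
    for host, counts in window.items():
        # Floor the deviation so a perfectly flat history cannot divide by zero.
        baseline[host] = (mean(counts), max(pstdev(counts), 1.0))
    return baseline

def evaluate(baseline, host, count, threshold=3.0):
    """Classify one observation as 'normal', 'anomaly' or 'no-baseline'."""
    if host not in baseline:
        # A host never seen during baselining cannot be scored; surface it.
        return "no-baseline", None
    mu, sigma = baseline[host]
    z = (count - mu) / sigma
    return ("anomaly" if abs(z) > threshold else "normal"), round(z, 2)

def scan(baseline, observations, threshold=3.0):
    """Return the observations an anomaly-based IPS would act on."""
    alerts = []
    for host, count in observations:
        verdict, z = evaluate(baseline, host, count, threshold)
        if verdict != "normal":
            alerts.append((host, count, verdict, z))
    return alerts

# Constructed live observations: one spike, one unknown host, two normal.
LIVE = [("10.0.0.5", 14), ("10.0.0.5", 95), ("10.0.0.9", 44), ("10.0.0.77", 3)]

if __name__ == "__main__":
    for alert in scan(build_baseline(BASELINE_WINDOW), LIVE):
        print(alert)
```

No signature is involved here: the spike on 10.0.0.5 is flagged purely because it differs from that host's own history, which is also why a baseline learned during an unrepresentative period produces false positives or misses.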

Behaviour Based IPS

Behaviour IPS looks at the network traffic for potential security threats, such as a file or application attempting to communicate with well-known IP addresses that can cause security threats.

The advantage of using IPS with SASE is that it allows enterprises to view and detect threats in the cloud without relying on physical boxes terminated at the network perimeter.

I have a post on how to configure IPS/IDS, link below:

http://jaychou.co.uk/?p=1252