INTRUSION PREVENTION SYSTEM (IPS)
Intrusion Prevention System (IPS) is a network security and threat prevention technology examining network traffic to detect and prevent vulnerability abuses. Abuse of vulnerabilities generally occur in the form of cutting inspection of an application or a system and create malicious input. Following a successful attack, the targeted application can be deactivated (denial of service) by the attacker or the attacker may access to all rights and permissions of the system/application seized.
IPS provides a complementary analysis and security layer by being placed in the direct communication network between the source and target. Thus, automatic actions such as alerting the administrator, rejecting malicious packs, blocking traffic from source address and resetting connection can be taken.
IPS detects a possible attacking traffic to be blocked by different methods. Signature-based detection is one of these methods. Another method is Anomaly Detection. IPS, thanks to anomaly detection function, can compare the previously-calculated basic performance level to randomly observed network traffic samples and take action against the network traffic activity beyond basic parameters.
Although IPS is integrated into UTM and NGFW solutions, it is deployed separately in order not to compromise performance for corporate structures, integration for integrated security approach and additional security measures which cannot be provided when operated as a component.