IPS technology when deployed at appropriate points in the network will scan all network traffic and report to administrators when it encounters anything suspicious.

To detect malicious traffic, IPS technology uses two main approaches. The first is signature based, which works similar to modern anti-virus technology. It scans the network traffic for known malicious traffic signatures and raises alerts and/or drops connections when matches are encountered. Vendors constantly update signature definition files to ensure security from any newly discovered attacks.

The second approach is anomaly-checking, which is based on defined protocol standards. The IPS technology examines packets for compliance to defined standards. When traffic falls outside of the "normal" scope, an alert is raised. IPS can also be configured to drop connections with malformed packets.

NetSieben provides professional services, offering suggestions on hardware and providing professional services to ensure the correct setup and deployment.

| Need Assessment | Hardware | Network Discovery |
| Configuration |

Determining what kind of IPS system is needed for the network can be quite a challenge. You need to know how much traffic the IPS system will handle; if there is need for a passive system that will only alert you; or if there is a need to drop malicious traffic.

NetSieben can examine your current network infrastructure, and determine the area of the network that needs extra security, recommending appropriate hardware to handle current requirements and future growth needs.

back to top

There has been an increase in the variety of IPS products on the market as companies have become more aware of the need for greater security. Starting with light IPS implementations which are built into firewalls, and ending with complex architectures consisting of software and hardware sensors, log collectors and parsers, management servers.

In addition IPS hardware may come with different feature sets and technologies. The most advanced IPS systems now have built-in Honeypot and Darknet technologies, designed to attract hackers in order to monitor their activity.

Having years of field experience, NetSieben engineers can help a company sort through the options available, making sure the correct hardware meets the needs of the enterprise.

back to top

An IPS system can be useful in more ways than just monitoring for unusual and malicious traffic patterns. A strategically deployed IPS system can be used to map the network architecture and determine traffic flow patterns. This task is accomplished through network discovery, a technology supported by a few modern IPS systems.

With network discovery technology IPS can determine the data flow patterns by monitoring network over a period of time. Administrators can examine the collected data and provide useful insights into the users' network access habits, server configurations and security policy effectiveness.

back to top

There is a difference between how a firewall and IPS policies are configured. IPS policies usually need to be more granular than those on a firewall. Additionally it is recommended to monitor the traffic flows for at least a month before starting to drop packets.

To fully utilize an IPS box it has to run in gateway mode, thus making sure it can police the traffic passing through it.

For more information or pricing please call us at (866) 395-1047 fill out this secure form.

back to top