IDS is the art of detecting inappropriate, incorrect, or anomalous activity. IDS can be used to determine if a computer network or server has experienced an unauthorized
intrusion. An IPS is used to actively drop packets of data or disconnect connections that contain unauthorised data. Intrusion-prevention technology is also commonly an extension of intrusion detection technology. IPS solutions are the new breed of IDS. Although there are some fundamental differences, the concepts are exactly the same. The two main differences are:
1. Most IPS systems can go inline, like a firewall. Traffic must pass through them in order to get to its destination.
2. Because IPS systems can go inline, like a firewall, they not only have an ability to ‘alert’ about possible hostile action, they have the ability to block it, just like a firewall.
Most IDS solutions today are becoming IPS solutions as vendors are quickly responding to the new market trends and demands. I suspect that within a year IPS solutions will be the standard in detection, offering deployment flexibility to alert and/or block.
Host Intrusion Prevention Services monitor your network and server traffic for intrusions that may occur on critical segments and servers of your infrastructure. Essentially, Connet watches for tell-tale signs of attack and abnormalities in network traffic that may signal an attempted intrusion.
To protect your system from these types of threats, Connet experts will work with your technology staff to understand which areas of your network are strategic to your company. We use this information to architect a solution to best secure your company by placing sensors on these networks and servers, which listen for suspicious activity and maintain constant communication with our 24x7 Security Operations Centre. If we detect suspected attack activity, our operators launch notification, escalation, and remediation recommendations. These activities are tailored to your environment and the expertise of your technology staff.
As the security landscape is constantly changing, Connet has assembled a team of security experts to constantly upgrade our technologies and response strategies. Our extensive security resources and partnerships allow us to develop a robust knowledge base of security information. We continuously push this knowledge to our customers in the form of updates, so they can maintain up-to-date protection from malicious activity. Examples of the activities we watch for are:
- Backdoor Signatures - Hidden software or hardware mechanisms that circumvent security controls
- O/S Exploits - Attacks specific to the operating system
- Scans/Probes - An effort to gather information about a machine or its users in order to gain unauthorized access to the system at a later date
- Denial of Service Attacks - Inundation of hardware or a website with requests in order to deny legitimate parties access.
- Virus-Related Activity - Anomalous network traffic resulting from a virus outbreak
- Internet Service Exploitation - Attacks that are specific to Internet related services (Finger, FTP, NETBIOS, SMTP, TELNET, ICMP)
Connet Managed Network and Host Intrusion Detection & Prevention Services is a turnkey, vendor-neutral managed solution. Built on commercially supported best-of-breed products, Managed Network and Host Intrusion Detection & Prevention Services is managed, monitored and maintained by experienced security analysts 24x7x365, and completes perimeter security without the risks or the challenges of doing it internally.
Supports solutions from leading providers such as Cisco, McAfee, Tipping Point, Juniper Netscreen, Fortinet, IBM ISS, Snort, SourceFire, Fortinet and 24x7 monitoring and support - Connet's state-of-the-art Security Operations Center (SOC) maintains constant vigilance for your perimeter security.
Connet offers four Service Level options with distinct, quantifiable Service Level Agreements (SLAs) to best meet customer needs and address support level preferences. These unique tiers provide different levels of response time, report content and frequencies, and data storage. Our Security Posture 1 and 2 packages offer excellent service tailored for less complex infrastructures that require basic support, while Security Posture 3 and 4 packages offer customers with complex and stringent requirements a host of customisations, extra features and extra functionality. And remember, subscribing to Managed Intrusion Detection & Prevention Services does not require purchase of hardware or software, study of technical manuals or constant updating of your systems.