Detection and Prevention: The IPS in the US Enterprise

Intrusion prevention systems (IPS) analyze network packets for exploits, protocol irregularities, and security policy violations. When an event is detected, the IPS sends an alert and relevant log information for security operations teams to review and act on. The IPS may also block the threat outright, depending on the severity of the threat and on the policies the enterprise deploys.

In contrast, an intrusion detection system (IDS) cannot provide protection, as it does not have built-in enforcement functionality. IDS must rely on adjacent routers and firewalls to provide this functionality. By design, IDS do not negatively impact network traffic—IDS scan copies of network packets to eliminate the chance of adding latency.

An enterprise must choose either protection or detection, depending on the value of its data and the urgency of its data transmission and reception. Enterprises requiring real-time inspection and protection capabilities can choose to deploy an IPS, a next-generation IPS (NGIPS), or a data center IPS (DCIPS), depending on the type of traffic they're protecting.

IPS are widely deployed, with over 87.6% of respondents from the 2017 NSS Labs Security Architecture Study indicating IPS deployment. The majority of IPS deployments (72.2% across all enterprises) take place on premises, while the adoption of cloud and combined deployments is less common (15.3% across all enterprises).

[Figure: Where IPS is deployed (bar graph)]

IPS management typically falls on the shoulders of security operations teams (62.2%), followed by network operations (21.4%) and IT (9.7%) teams. Other teams responsible for managing IPS include infrastructure, architecture, and development operations (DevOps) teams. API usage across all enterprises sits at 11.1%, with large enterprises (LEs) reporting the highest percentage of API utilization (14.7%).

How well do IPS products work? NSS Labs currently conducts hands-on testing with both NGIPS and DCIPS technologies and also offers near real-time assessment of IPS security efficacy via our CAWS Continuous Security Validation Platform. If your organization currently deploys IPS technology, we’d love the opportunity to learn more about your experiences deploying and managing this technology.

NSS Labs will be releasing a series of Intelligence Briefs that focus on security controls in the US enterprise, one of which is focused on intrusion prevention systems. The series will report on security product usage as reported by 510 information security professionals representing 50 US industries. This paper will be available to subscribers to our research library.

Follow us on Twitter (@NSSLabs) to keep informed as new research is released.
