Intrusion Detection & Prevention

With the increasing sophistication of attacks, traditional security systems are no longer sufficient to protect a network. While firewalls separate company-owned networks from the Internet, they cannot distinguish legitimate users from attackers. Whether a user is requesting an image or a password file is beyond a firewall's ability to determine. Intrusion detection and prevention (IDP) systems have been designed to overcome this limitation.

IDP systems are designed to be protocol aware; they understand the difference between legitimate requests and the exploitation of vulnerabilities. This information is provided through the use of trend analysis and pattern matching.

IDP systems can provide complex and customisable automated responses to an attack. For example, a port scan is almost inevitably the first stage of an attempted penetration. A well-configured IDP can detect a port scan and block all traffic from that IP address for a fixed time. This can provide strong, automated security, reducing human error and eliminating response times.

While this automation provides strong security, configuring the IDP correctly can prove to be difficult. The risk of denying legitimate users access to resources usually leads administrators to configure IDPs to be little more than a logging system. While useful for forensics and repair, such a policy does not enhance overall security, as a penetration has already occurred.
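The port-scan response described above (detect the scan, block the source address for a fixed time), sketched as an added example that is not code from any IDP product. The thresholds, the allowlist used to limit the risk of blocking legitimate systems, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the page): tune to the monitored network.
WINDOW_S = 10        # sliding window length in seconds
PORT_THRESHOLD = 5   # distinct destination ports in the window that count as a scan
BLOCK_S = 300        # fixed block duration in seconds
ALLOWLIST = {"10.0.0.5"}  # constructed: e.g. an internal vulnerability scanner

class ScanBlocker:
    def __init__(self):
        self.recent = defaultdict(deque)   # src -> deque of (ts, dport)
        self.blocked_until = {}            # src -> block expiry timestamp

    def is_blocked(self, src, ts):
        expiry = self.blocked_until.get(src)
        if expiry is not None and ts >= expiry:
            del self.blocked_until[src]    # fixed-time block has expired
            return False
        return expiry is not None

    def observe(self, ts, src, dport):
        """Return 'drop', 'block' (new block installed) or 'allow'."""
        if self.is_blocked(src, ts):
            return "drop"
        q = self.recent[src]
        q.append((ts, dport))
        while q and q[0][0] <= ts - WINDOW_S:   # discard events outside the window
            q.popleft()
        if src not in ALLOWLIST and len({p for _, p in q}) >= PORT_THRESHOLD:
            self.blocked_until[src] = ts + BLOCK_S
            q.clear()
            return "block"
        return "allow"

# Constructed sample events: (timestamp_s, source_ip, destination_port)
EVENTS = (
    [(i, "203.0.113.7", p) for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    + [(i, "198.51.100.2", 443) for i in range(6)]   # repeat visitor, single port
    + [(i, "10.0.0.5", p) for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    + [(100, "203.0.113.7", 80), (400, "203.0.113.7", 80)]
)

def run(events):
    ids = ScanBlocker()
    return [(ts, src, dport, ids.observe(ts, src, dport))
            for ts, src, dport in sorted(events)]

if __name__ == "__main__":
    for row in run(EVENTS):
        print(row)
```

The repeat visitor and the allowlisted scanner are never blocked, while the scanning address is dropped until its block expires and is then admitted again.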

Content Security can design, implement and manage an IDP system on behalf of your company, leveraging our extensive experience in information security for your benefit. For more information on how we can help detect and prevent intrusions in your organisation's network architecture, please contact our sales team.