What to Know About Intrusion Prevention Systems

Data breaches are constantly in the headlines and the threat of an attack looms on the horizon for every business leader. The FBI’s 2020 Internet Crime Report shows the Internet Crime Complaint Center received 791,790 cybercrime complaints in 2020 with reported losses exceeding $4.1 billion. Recent attacks such as the Kaseya attack on IT service providers over the July 4^th holiday proves everyone is at risk.

One of the best methods for preventing a breach is a layered approach to cybersecurity. Intrusion prevention systems are one of the major components of such layered security because it provides for constant traffic monitoring and can respond quickly to prevent threats from entering your network.

What is an Intrusion Prevention System?

An intrusion prevention system (IPS) is a technology that provides an additional layer of security to your network and aids in threat prevention. It examines network traffic flows to detect and prevent vulnerability exploits. Malicious actors typically enter a network through an application or service such as email. An IPS disrupt potential hackers by monitoring and interrupting their attack before it can gain control of an application or machine.

Why Do I Need an IPS?

When a bad actor implements and achieves a successful exploit, they can disable target applications, software, and/or systems. This leaves you with a denial of service (DoS) problem. In other words, you won’t be able to access your data, use your applications and/or software, or work productively as usual.

The hacker could also potentially access the rights and permissions for the compromised application, software program, or machine they use to access your network. This means they can steal, delete, change, or damage your valuable business data. This is when ransomware becomes a threat as well as blackmail and the public disclosure of your proprietary information.

In a worst-case scenario, you could lose every bit of your business data, especially if you don’t have backups in place. This could leave a business in a position where work comes to a screeching halt, leading to a loss of reputation, clients, and money.

There were dozens of cyberattacks in 2020 and 2021 is on track to beat last year’s numbers. According to Identity Force, the first quarter of 2020 showed a huge jump in breaches. From the first quarter of 2019 to the same period in 2020, there was a 273 percent increase in hacks.

From Microsoft’s report of 280 million breached records at the start of 2020 to the $130 million in stolen funds due to a Twitter breach, the threat of an attack and data loss is very real. In April 2020, Zoom reported more than 500,000 account credentials stolen by bad actors, and the SolarWinds breach that began in October 2019 caused serious problems for government systems and private networks.

How Does an IPS Work?

Intrusion prevention systems have a multitude of means for detecting exploits attempting to enter a network. Signature-based detection and statistical anomaly-based detection are just two of those methods.

Signature-based detection is based on known, uniquely identifiable patterns (known as signatures) in the code of exploits. When a threat risk is discovered, its signature is recorded and stored in an ever-growing “dictionary” which allows the IPS to “learn” as more threats are detected. Signature detection is further broken down into exploits and vulnerabilities so it can detect both and address those risks as necessary.

Statistical anomaly detection takes samples of traffic from the network it is meant to protect and compares it with pre-calculated baseline performance levels. If a sample of traffic performs outside baseline parameters, the IPS handles it.

An IPS is positioned behind the network firewall and is an extra layer of data analysis that monitors for negative or dangerous traffic. While the IPS acts like an extra guard dog at the front gate of your network, it can do more than bark. The IPS will notify an administrator if anything unusual or nasty tries to enter the network but it also has teeth to bite.

The IPS is in the direct path of communication between the traffic coming in and your network. Once it senses a threat, the IPS goes to work dropping malicious packets, blocks all traffic from the source so nothing more comes in, and resets the connection redirecting any potential risks away from your network.

What IPS Does ORAM Recommend?

When selecting an IPS, you will want to find one that works efficiently without degrading your network performance. It also has to work quickly as attacks usually occur in real-time. This means your IPS needs to detect and respond rapidly even in the face of multiple threats.

At ORAM Corporate Advisors, we recommend Cisco Meraki IPS. Meraki functions on predefined security policies that determine the level of protection needed. These are known as rulesets. Sourcefire, part of Meraki, updates these rulesets on a daily basis to ensure protection against even the latest threats and newest vulnerabilities. These may include viruses, rootkits, malware, and more. The updates are automatic, which means no manual staging or patching on your end.

Cisco’s Meraki IPS is easy to install and takes just seconds to deploy on any network with two dashboard clicks. Another benefit is that IPS security reports are viewable from any internet-accessible device. Data is provided in real-time so your IT team can quickly gauge threat status and make the best decisions for protecting your business and its valuable data.

For more information about intrusion prevention systems or to implement one in your network, contact ORAM Corporate Advisors at (617) 933-5060. The call is free and there’s no obligation.