An Intrusion Detection and Prevention System (IDPS) is in place to monitor the health and status of organizational networks and devices. Next Generation Firewalls typically have intrusion detection and other advanced machine analytics capabilities built in.
Discuss the concept of IDPS.
Where should IDPS be implemented in your IT infrastructure?
Your initial post should address the seed questions in either the technology or workflow group below.
Technology: What is the difference between an IDS and an IPS? Why is it important to perform a network traffic baseline definition analysis? If a Snort IDS captures IP packets off a LAN segment for examination, is this an example of promiscuous mode operation? Are these captured packets saved or logged? What is the difference between a host-based and network-based IDS?
Workflow: What are the benefits to increasing the levels of automation in network monitoring? What are the cognitive tradeoffs in offloading monitoring and analysis tasks to IDPS technology? What can people who work in cyber and security monitoring do with the time they get back via automation? Are there risks? What should the threshold be for an IDPS to take a direct action on the network without human intervention?