3. INTRUSION PREVENTION SYSTEMS (IPSs)

3.3. Intrusion Prevention Systems Implementation Architectures

To protect against the constant increase in sophisticated evasive threats, intrusion prevention systems should deploy inline deep learning, which significantly enhances detection and accurately identifies malicious traffic that has not been seen before, without relying on known vulnerability and attack signatures. Much like a neural network modelled on the way the human brain works, deep-learning models pass traffic through several layers of analysis and process millions of data points in milliseconds. Each decision must be made very quickly, so that network performance and effectiveness are not put at risk. These sophisticated pattern-recognition systems analyse network traffic with unparalleled accuracy, identifying new malicious traffic that has never been seen before, while keeping false-positive rates extremely low.

This additional layer of intelligent protection, which an IPS tool can use, further safeguards the business's sensitive information and prevents sophisticated attacks and the exploitation of vulnerabilities that could cause large damage to the network and, consequently, to the organization or company.

One of the main concerns regarding IDS systems, and IPS tools as well, is the false-positive rates they may produce. Each alarm demands attention from the administrator or the information technology team, which is time consuming and requires a deep analysis to make sure the alarm was a true positive. False-positive alarms demand the same effort and, when they turn out not to be true, have a negative impact on the team and result in wasted time and work.

Just as with an IDS, with an IPS it is important to understand the network and the organization's security needs, plan the implementation in advance, and make sure that all security policies are followed. There are also different ways of implementing an IPS, the most common and robust being its installation between the private and public networks. Good IPS planning should take into consideration factors such as comprehensive real-time protection against network vulnerabilities and malware, as well as unknown command-and-control traffic. Moreover, the solution must be consistent and simple, and allow proper policy management across the corporate perimeter, data centre, and public and private clouds, among others. In addition, it may also be designed to include intelligence tools, such as machine learning, to successfully prevent attacks while keeping high-throughput, low-latency performance and zeroing in on critical threats, so that administrators can focus on what matters most and do not waste time on false-positive alerts.

Regarding critical infrastructures, IPS tools are still not efficient, and an incorrect implementation may damage the network more than it protects it. Critical systems, working 24 hours a day, 7 days a week, need a constant communication and network traffic flow, where even a short pause may endanger not just the system but also human health, depending on the type of critical system.

By nature, an IPS is able to block and drop communications, which is not suitable for a critical system, where communications can never be dropped. Here, the planning and design must be even more precise and careful than for a normal computer network. Still, critical systems are also targets of attacks and of the exploitation of vulnerabilities, and their protection is also a need.
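The two design points above, a per-segment policy for an IPS placed between the public and private networks, and the requirement that communications on a critical segment are never dropped, can be made concrete in code. The following is an added example and not code from the original text: it models a minimal inline IPS decision path with a detect-only mode for the critical segment and a per-decision latency budget that fails open, so slow analysis never stalls the traffic flow. The `Mode`, `Verdict`, `decide` and `segment_mode` names, the address ranges, the `EVIL-MARKER` string and the sample packets are all constructed for illustration, and the classifier is a stand-in for a real signature or deep-learning engine.

```python
"""
Added example, not code from the original text: a minimal model of an inline
IPS decision path. Segment labels, address ranges, the marker string and the
sample packets are constructed; the classifier is a stand-in.
"""
import ipaddress
import time
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    BLOCK = "block"    # inline enforcement: malicious traffic is dropped
    DETECT = "detect"  # alert only: traffic is never dropped (critical segments)


@dataclass(frozen=True)
class Verdict:
    action: str  # "forward" or "drop"
    reason: str


# Hypothetical per-segment policy. The IPS sits between the public and private
# networks; the corporate LAN is enforced, the critical segment is detect-only.
SEGMENT_POLICY = {
    ipaddress.ip_network("10.10.0.0/16"): Mode.BLOCK,   # corporate LAN (constructed)
    ipaddress.ip_network("10.20.0.0/16"): Mode.DETECT,  # critical / OT segment (constructed)
}
DEFAULT_MODE = Mode.BLOCK
LATENCY_BUDGET_S = 0.002  # 2 ms per decision; exceeding it fails open


def segment_mode(dst_ip: str) -> Mode:
    """Look up which enforcement mode applies to the destination segment."""
    addr = ipaddress.ip_address(dst_ip)
    for net, mode in SEGMENT_POLICY.items():
        if addr in net:
            return mode
    return DEFAULT_MODE


def is_malicious(payload: bytes) -> bool:
    """Stand-in classifier (constructed): flags a payload carrying a marker
    string. A real IPS would run signatures or a model here."""
    return b"EVIL-MARKER" in payload


def decide(dst_ip: str, payload: bytes, classifier=is_malicious,
           clock=time.perf_counter, budget: float = LATENCY_BUDGET_S) -> Verdict:
    """Produce the forward/drop verdict for one packet.

    The clock is injectable so the fail-open path can be exercised deterministically.
    """
    start = clock()
    malicious = classifier(payload)
    elapsed = clock() - start

    if elapsed > budget:
        # Analysis took too long: forward the packet (fail open) so the traffic
        # flow is never stalled, and surface the overrun as its own alert.
        return Verdict("forward", f"fail-open: analysis took {elapsed * 1e3:.1f} ms")
    if not malicious:
        return Verdict("forward", "clean")
    if segment_mode(dst_ip) is Mode.DETECT:
        return Verdict("forward", "alert-only: malicious, but segment is detect-only")
    return Verdict("drop", "malicious traffic blocked inline")


def run_sample() -> dict:
    """Process a constructed batch of packets and count verdicts per action."""
    packets = [
        ("10.10.1.5", b"GET /index.html HTTP/1.1"),   # clean, corporate LAN
        ("10.10.1.5", b"POST /x EVIL-MARKER"),        # malicious, corporate LAN: drop
        ("10.20.7.9", b"EVIL-MARKER"),                # malicious, critical segment: alert only
        ("10.20.7.9", b"\x01\x03\x00\x00\x00\x0a"),   # clean, critical segment
    ]
    counts = {"forward": 0, "drop": 0}
    for dst, payload in packets:
        verdict = decide(dst, payload)
        counts[verdict.action] += 1
        print(f"{dst:<12} {verdict.action:<8} {verdict.reason}")
    return counts


if __name__ == "__main__":
    run_sample()
```

Running the module prints one verdict line per sample packet: the marked payload bound for the corporate LAN is dropped, while the same payload bound for the critical segment is forwarded with an alert-only reason, which is the behaviour the text asks for on networks where a pause in communication is not acceptable. The latency budget is the other half of the design: when a decision cannot be made inside the budget, the packet is forwarded and the overrun is reported rather than the flow being held.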

Just as with IDS systems, it is also common to find IPS servers installed within the network, with different servers used in different sub-networks and LANs.