IDS & IPS
Will IDS replace the IPS?
In the near-term, prevention systems likely will replace detection systems at the perimeter. But detection still will be needed elsewhere on the network to augment IPS, which errs on the side of giving too little event information.
"Say someone brings in a laptop and it's infected with Welchia. Intrusion prevention will not stop that from spreading through the subnet unless it's directly between the infected computer and everyone else's," Pearson says. "You need a detection system to see that something's spreading. And you need protection systems to drop malicious traffic on the way in."
Difference between IPS and IDS
A common notion is that an Intrusion Prevention System [IPS] is nothing more than an Intrusion Detection System [IDS] deployed in-line with blocking capabilities. This paper explains why that notion is correct.
IPS and IDS both examine traffic looking for attacks, but they are critically different. An IPS is an in-line device designed for automatic enforcement of network policy, whereas an IDS is an out-of-band device designed as a forensic tool for security analysts. This paper examines which is better and the further differences between them.
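The infected-laptop scenario and the in-line versus out-of-band distinction above can be shown on a handful of flow records. This is an added example, not code from the original page; the subnet, addresses, blocked port and fan-out threshold are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.5.0/24")   # assumed protected subnet (constructed)
BLOCKED_PORTS = {135}                   # assumed in-line policy: drop inbound TCP/135

# Constructed flow records: (src, dst, dst_port)
FLOWS = [("203.0.113.9", "10.0.5.20", 135),     # inbound from outside
         ("10.0.5.20", "198.51.100.7", 443)]    # ordinary outbound
# Infected laptop 10.0.5.77 probing its neighbours inside the subnet
FLOWS += [("10.0.5.77", f"10.0.5.{h}", 135) for h in range(1, 31)]

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def crosses_perimeter(flow):
    # Only traffic with exactly one endpoint inside passes the in-line device
    src, dst, _ = flow
    return is_internal(src) != is_internal(dst)

def inline_ips(flows):
    """Perimeter IPS: sees only flows that cross it, drops policy matches."""
    seen = [f for f in flows if crosses_perimeter(f)]
    dropped = [f for f in seen if is_internal(f[1]) and f[2] in BLOCKED_PORTS]
    return seen, dropped

def passive_ids(flows, threshold=20):
    """Out-of-band sensor on the subnet: alerts on internal fan-out."""
    peers = defaultdict(set)
    for src, dst, _ in flows:
        if is_internal(src) and is_internal(dst):
            peers[src].add(dst)
    # Report each internal source that touched >= threshold distinct neighbours
    return {s: len(d) for s, d in peers.items() if len(d) >= threshold}

if __name__ == "__main__":
    seen, dropped = inline_ips(FLOWS)
    print("IPS saw", len(seen), "flows and dropped", len(dropped))
    print("IDS fan-out alerts:", passive_ids(FLOWS))
```

The perimeter device blocks the inbound attempt but never sees the laptop's east-west traffic, while the passive sensor reports the laptop without being able to stop it.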