EXPERT RESPONSE
At a simple level, it's the difference between detection and prevention. IDS products are designed to inform you that something is trying to get into your system where IPS products actually attempt to prevent access.
Both IDS and IPS are designed for different purposes, but their technologies are similar. IDS is best used in situations where there is a need to explain what happened in an attack, whereas IPS stops attacks. An IDS system collects a lot of information that is not actionable from an IPS perspective, such as port scans and other reconnaissance.
An IDS analyzes traffic by comparing traffic to information in its database that contains patterns, called "signatures," found in known exploits. If certain traffic matches a pattern seen in an exploit, the IDS will send an alert to an administrator who can then take action to prevent the exploit or minimize the damage. IPS operates similar to IDS with one critical difference: IPS can block the attack itself; while an IDS sits outside the line of traffic and observes, an IPS sits directly in line of network traffic. Any traffic the IPS identifies as malicious is prevented from entering the network.
 Check out TechTarget's IDS/IPS resources.
|
