Enterprise edge
A network perimeter is the secured boundary between the private, locally managed side of a network, often a company's intranet, and the public-facing side, often the internet. IPS is typically deployed at this edge to protect the internal network from external threats such as malware, hacking attempts, and other malicious activity. In addition, perimeter IPS protects outbound traffic, such as critical assets reaching public networks. The IPS is typically placed in-line with the traffic flow at the network edge, between the perimeter firewall and the internal network.
IPS is commonly applied in the following locations within the enterprise edge:
Internet to server
In effective perimeter networks, incoming packets flow through security appliances that are hosted in secure subnets before the packets can reach back-end servers. Security appliances include firewalls, network virtual appliances (NVAs), and other intrusion detection and prevention systems. Internet-bound packets from workloads must also flow through security appliances in the perimeter network before they can leave the secure network.
Usually, central IT teams and security teams are responsible for defining operational requirements for perimeter networks. Perimeter networks can provide policy enforcement, inspection, and auditing.
Creating IPS rules to protect the back-end servers also requires deep packet inspection.
Client internet access
Vulnerabilities in client applications, such as web browsers, are an increasing attack vector, so client-to-internet IPS protection is becoming more important. Enabling client-targeted IPS signatures on general internet policies is common practice as a minimum level of IPS protection.
Remote access
IPS is applied to remote access connections such as VPNs to ensure that only authorized users are allowed to access the network. This includes analyzing remote access traffic for suspicious activity, such as brute force attacks or unauthorized access attempts.
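The brute-force check described above, as an added example that is not part of this page: a sliding-window detector that flags a source address with repeated failed remote-access logins. The log line format, the sample entries, and the threshold and window values are constructed for illustration.

```python
# Added example: detect brute-force login attempts against a remote-access
# (VPN) gateway from authentication log lines. Format and data are constructed.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in an assumed format:
# "<ISO timestamp> vpn auth <success|failed> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-05-01T08:00:01Z vpn auth failed user=jsmith src=203.0.113.10
2024-05-01T08:00:03Z vpn auth failed user=jsmith src=203.0.113.10
2024-05-01T08:00:04Z vpn auth failed user=admin src=203.0.113.10
2024-05-01T08:00:06Z vpn auth failed user=mjones src=198.51.100.7
2024-05-01T08:00:08Z vpn auth failed user=root src=203.0.113.10
2024-05-01T08:00:09Z vpn auth success user=mjones src=198.51.100.7
2024-05-01T08:00:11Z vpn auth failed user=svc_backup src=203.0.113.10
2024-05-01T08:01:30Z vpn auth failed user=jsmith src=198.51.100.7
2024-05-01T08:02:45Z vpn auth failed user=jsmith src=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn auth (?P<result>success|failed) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, src) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["result"], m["user"], m["src"]


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {src: time_of_first_alert} for every source that produced at
    least `threshold` failed logins within any `window_seconds` window."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "failed":
            continue  # skip malformed lines and successful logins
        ts, _result, _user, src = parsed
        recent = failures[src]
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if len(recent) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for src, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT brute-force from {src} at {when.isoformat()}")
```

With the default threshold only 203.0.113.10 trips the alert; 198.51.100.7 stays below it because its failures are spread wider than the window.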
Cloud service access
You can apply IPS to cloud services to protect against threats originating from cloud-based applications and services. This includes analyzing traffic to and from cloud services, such as cloud-based email or storage services, to detect and prevent malicious activity.
Partner connections
You can apply IPS to partner connections, such as connections to other corporate networks or third-party vendors, to ensure that these connections do not pose a threat to the internal network. This includes analyzing partner traffic for suspicious activity and blocking any malicious activity before it can reach the internal network.