IPS use cases
You must implement the intrusion prevention system (IPS) in the traffic flow so that it can prevent suspicious packets from reaching their destination. If you use an intrusion detection system, there is more flexibility in the location, since the IPS can receive a copy of the traffic for the primary purpose of analysis and reporting.
|
When implementing IPS profiles, Fortinet recommends to tune the sensor to reflect the environment it protects. This involves selecting only signatures that match the services and devices it is meant to protect and adjusting thresholds for selected anomalies to suit your environment. |
|
IPS use case |
Deploy IPS... |
|---|---|
|
Perimeter protection |
At the network edge to provide protection against external attacks. |
|
Datacenter protection |
Within a datacenter to protect critical servers and applications against internal and external attacks. |
|
Internet network protection |
Within an internal network to provide protection against lateral movement by attackers to prevent spread of malicious activity. |
|
Cloud protection |
Within cloud environments, such as public or private cloud environments, to provide protection against cloud-based threats, including account takeover and data breaches. |
For a deeper understanding of IPS use cases, see the IPS Architecture Guide.