Fortinet black logo

IPS Concept Guide

Home FortiGate / FortiOS 7.4.2 IPS Concept Guide
7.4.2
7.4.2

What is IPS?

What is IPS?

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. An intrusion detection system (IDS) is a network security tool that monitors network traffic and devices for known malicious activity, suspicious activity, or security policy violations.

An intrusion prevention system (IPS) is software that has all the capabilities of an IDS and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to function as IDSes.

You can implement IPS in the form of a standalone appliance or as part of the feature set of a next generation firewall. IPS uses signatures, protocol decoders, heuristics (or behavioral monitoring), threat intelligence, and advanced threat detection to prevent exploitation of known threats. Some IPS implementations can even help prevent zero-day threats. FortiGate IPS can perform deep packet inspection to scan encrypted payloads to detect and prevent threats from attackers.

This guide aims to dive deeper into different IPS features and technologies and introduce how FortiGate IPS implements these features.

Intended audience

This guide is intended for an audience who is interested in understanding how IPS technology works and the benefit it can bring to organizations of all shapes and sizes. Readers should have a good understanding of networking and security concepts, such as traffic flows, application traffic, network protocols, CVE-ID, vulnerabilities, and exploits. Junior to intermediate level network security specialists should be comfortable with the content in this guide.

About this guide

This guide aims to introduce the concept of IPS, as well as the products and techniques Fortinet uses to implement it. After reading this guide readers should be comfortable talking about different IPS methodologies and types and have a good understanding of where these systems reside in a network.

Previous
Next

What is IPS?

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. An intrusion detection system (IDS) is a network security tool that monitors network traffic and devices for known malicious activity, suspicious activity, or security policy violations.

An intrusion prevention system (IPS) is software that has all the capabilities of an IDS and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to function as IDSes.

You can implement IPS in the form of a standalone appliance or as part of the feature set of a next generation firewall. IPS uses signatures, protocol decoders, heuristics (or behavioral monitoring), threat intelligence, and advanced threat detection to prevent exploitation of known threats. Some IPS implementations can even help prevent zero-day threats. FortiGate IPS can perform deep packet inspection to scan encrypted payloads to detect and prevent threats from attackers.

This guide aims to dive deeper into different IPS features and technologies and introduce how FortiGate IPS implements these features.

Intended audience

This guide is intended for an audience who is interested in understanding how IPS technology works and the benefit it can bring to organizations of all shapes and sizes. Readers should have a good understanding of networking and security concepts, such as traffic flows, application traffic, network protocols, CVE-ID, vulnerabilities, and exploits. Junior to intermediate level network security specialists should be comfortable with the content in this guide.

About this guide

This guide aims to introduce the concept of IPS, as well as the products and techniques Fortinet uses to implement it. After reading this guide readers should be comfortable talking about different IPS methodologies and types and have a good understanding of where these systems reside in a network.

Previous
Next