
    Intrusion Prevention System (IPS)

    Date: 2021-12-20




    FortiGate IPS: Defend against known threats and zero-day threats | Intrusion Prevention System
    Fortinet FortiGate firewall provides a comprehensive security-driven network platform that can provide enterprises with industry-proven IPS solutions, help enterprises achieve excellent security defenses and provide industry-leading IPS performance. The platform is supported by FortiGuard Labs' AI/ML-driven threat intelligence.


    What is an intrusion prevention system (IPS)?
    An intrusion prevention system (IPS) helps companies identify malicious traffic and proactively block it from entering the corporate network. Enterprises can deploy the IPS function in the path of the traffic flow to monitor it and check it for vulnerabilities and exploits; if a threat is detected, appropriate measures can be taken in accordance with the security policy, such as blocking access, isolating the host, or preventing access to external websites that could introduce potential threats.


    How intrusion prevention systems work
    An IPS is usually deployed inline: it sits in the communication path between the source address and the destination address, where it can analyze all network traffic along that path in real time and take automatic preventive measures. The IPS function can be deployed anywhere in the network data stream, but the most common locations are:

    • Corporate edge/border
    • Enterprise data center

    An IPS can be deployed as a stand-alone solution or integrated as a function of a next-generation firewall (NGFW). It identifies malicious traffic using libraries of signatures for vulnerabilities and exploits, and its detection methods include signature detection and statistical anomaly detection.

    • Signature detection uses uniquely identifying signatures found in exploit code. Once exploits are discovered, their signatures are added to an ever-expanding database. IPS signature detection relies on two types of signatures: one is the exploit signature (used to identify each individual exploit) and the other is the vulnerability signature (used to identify the system vulnerability targeted by the attacker). Vulnerability signatures can help identify emerging potential threat variants, but they also increase the risk of false positives (incorrectly marking legitimate packets as threats).
    • Statistical anomaly detection randomly takes a sample of data traffic and compares it with a baseline standard. If the sample is not within the standard range, the IPS triggers actions to prevent potential attacks.

    Once malicious traffic entering the network is discovered, the IPS deploys and updates virtual patches for defense. A virtual patch is an effective security protection measure that prevents attackers from using known and unknown vulnerabilities to invade corporate networks. It works by implementing security policies and rules that keep attackers from traversing network paths to reach vulnerabilities, so that vulnerabilities are defended across the entire network layer instead of just at the host layer.
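
    The difference between exploit signatures and vulnerability signatures described above, including the false-positive trade-off, can be shown with a small added example. It is not Fortinet code; the toy `USER` protocol, the 64-byte limit and all packets are constructed assumptions.

```python
import re

# Constructed toy protocol (assumption): "USER <name>\r\n". The hypothetical
# server is assumed to overflow when <name> is longer than 64 bytes.
MAX_SAFE_NAME = 64

# Exploit signature: a byte pattern taken from one specific known exploit
# (constructed placeholder bytes, not a real payload).
EXPLOIT_SIG = re.compile(rb"USER A{80}\xde\xad\xbe\xef")
USER_CMD = re.compile(rb"USER ([^\r\n]*)\r\n")


def exploit_signature(pkt: bytes) -> bool:
    """Match the exact bytes of the one exploit already in the database."""
    return EXPLOIT_SIG.search(pkt) is not None


def vulnerability_signature(pkt: bytes) -> bool:
    """Match the condition that triggers the flaw, whatever the payload."""
    m = USER_CMD.match(pkt)
    return m is not None and len(m.group(1)) > MAX_SAFE_NAME


def inspect(pkt: bytes) -> tuple[bool, bool, str]:
    """Return (exploit hit, vulnerability hit, inline action)."""
    e, v = exploit_signature(pkt), vulnerability_signature(pkt)
    return e, v, "block" if (e or v) else "allow"


# Constructed sample packets.
SAMPLES = {
    "known exploit": b"USER " + b"A" * 80 + b"\xde\xad\xbe\xef\r\n",
    "new variant": b"USER " + b"B" * 80 + b"\x01\x02\x03\x04\r\n",
    "legit long name": b"USER svc-" + b"x" * 70 + b"\r\n",
    "normal login": b"USER alice\r\n",
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:16} {inspect(pkt)}")
```

    The variant is missed by the exploit signature but caught by the vulnerability signature, while the legitimate long name is blocked as well, which is the false positive the text warns about.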


    IPS vs. IDS
    IPS is an enhanced version of the Intrusion Detection System (IDS). IDS technology uses the same concept to identify traffic, and also uses some similar technologies, but the main difference is that an IPS is deployed inline, while an IDS is deployed in bypass (out-of-band) mode. An IDS checks the entire traffic, monitors network threats and provides relevant analysis and visibility, but it cannot take preventive measures.

    When a threat is detected, an IDS sends a potential threat alert to the network administrator, whereas an IPS can take more substantial defensive measures to control network access, monitor intrusion data, and prevent the attack from expanding.


    FortiGate IPS
    Fortinet FortiGate firewalls provide a comprehensive IPS solution — the solution can be deployed as a stand-alone IPS device or integrated into the firewall's comprehensive IPS function. FortiGate IPS has been verified by NSS Labs and other third-party evaluation tests to achieve highly effective security through unparalleled IPS throughput, and can be applied to hardware devices, virtual machines, and cloud-based services.