Cybersecurity
There are so many different network threats nowadays that it's almost impossible to keep up with every single one of them. There are so many different attack vectors that, many times, a single security product won't fully protect a network. For this discussion, find a product or service that you believe every organization should be using to help protect their network environment. Write a couple of paragraphs to discuss the product or service and why you believe it's critical to use it.
Cybersecurity is the practice of protecting systems from cyber attacks. The objective of cyber attacks is to steal, destroy or change the information on computer systems in order to extort money. Nowadays, a lot of advancement is happening and every business is connected to the internet; hackers have devised new methods to overcome the security systems of organisations.
There are many products that organisations use, but the most effective one, which I believe every organisation should implement, is the Intrusion Prevention System (IPS).
An IPS is a system which checks network traffic for suspicious activities, collects information about malicious activities, alerts the administrator when such activities are found, and attempts to block these activities. An IPS works by capturing packets from traffic in real time to detect suspicious activity. Each data packet is checked for suspicious activity, and the IPS can therefore actively block the packet from reaching its destination.
The different methods used by an IPS to detect intrusions are:
1) Signature-based Detection - This method makes use of predefined signatures in the form of patterns of generally known threats. When an attack happens whose signature matches one of the predefined signatures or patterns, the system takes the necessary steps to prevent the attack.
2) Anomaly-Based - In this method, the system detects suspicious activities through their unexpected or abnormal behaviour in the network. An anomaly can also be thought of as an outlier. When the system detects an anomaly, it blocks the target host computer.
3) Policy-Based - In this approach, a number of the organisation's security policies are involved; the network administrator can configure the policies according to the organisation. When any activity violates the security policy, an alert is sent to the network administrator.
If deployed correctly, the Intrusion Prevention System (IPS) provides proactive security from most of today's dangerous cyber attacks.
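The three detection methods listed in the answer above, shown as an added example that is not part of the original answer: a minimal inspection function applied to constructed packet records. The rule names, patterns, allowed-port policy and baseline figures are hypothetical and chosen only for illustration.

```python
import re
from statistics import mean, pstdev

# Hypothetical signature set: rule name -> pattern of a generally known threat.
SIGNATURES = {
    "sql-injection-probe": re.compile(rb"(?i)union\s+select"),
    "path-traversal": re.compile(rb"\.\./\.\./"),
}
# Constructed baseline: requests per minute seen from a host during normal use.
BASELINE_RPM = [12, 15, 11, 14, 13, 16, 12, 14]
ANOMALY_Z = 3.0                       # assumed outlier threshold (z-score)
POLICY_ALLOWED_PORTS = {53, 80, 443}  # hypothetical organisational policy


def inspect(packet):
    """Return (verdict, reason); verdict is 'block', 'alert' or 'allow'."""
    # 1) Signature-based: payload matches a predefined pattern -> prevent it.
    for name, pattern in SIGNATURES.items():
        if pattern.search(packet["payload"]):
            return "block", f"signature:{name}"
    # 2) Anomaly-based: request rate is an outlier against the baseline.
    mu, sigma = mean(BASELINE_RPM), pstdev(BASELINE_RPM)
    z = (packet["rpm"] - mu) / sigma
    if z > ANOMALY_Z:
        return "block", f"anomaly:rate z={z:.1f}"
    # 3) Policy-based: a policy violation alerts the administrator.
    if packet["dport"] not in POLICY_ALLOWED_PORTS:
        return "alert", f"policy:port {packet['dport']} not allowed"
    return "allow", "clean"


# Constructed sample traffic (documentation-range source addresses).
SAMPLES = [
    {"src": "192.0.2.10", "dport": 80, "rpm": 14,
     "payload": b"GET /index.html HTTP/1.1"},
    {"src": "192.0.2.11", "dport": 80, "rpm": 13,
     "payload": b"GET /item?id=1 UNION SELECT name FROM t HTTP/1.1"},
    {"src": "192.0.2.12", "dport": 443, "rpm": 400,
     "payload": b"GET / HTTP/1.1"},
    {"src": "192.0.2.13", "dport": 23, "rpm": 12, "payload": b"login:"},
]


def run_samples():
    """Inspect every sample packet and return the list of (verdict, reason)."""
    return [inspect(p) for p in SAMPLES]


if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLES, run_samples()):
        print(f"{pkt['src']:<12} -> {verdict:<5} ({reason})")
```

The checks run in a fixed order, so a packet that matches a signature is blocked before its rate or destination port is considered.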