In combination with vulnerability assessment tools, intrusion detection technologies are good tools for audit and forensic analysis of an attack—after it has occurred. These systems do not prevent damage. IDS tools are passive and reactive—typically scanning for configuration weaknesses and detecting attacks after they occur.
New to intrusion detection? Check out this FAQ by Robert Graham: http://www.infosyssec.net/infosyssec/netintrufaq.htm
Intrusion prevention goes one step beyond IDS by recognizing unusual behaviour in the system and blocking it in real time, before the intrusion can execute. IPS differs from traditional intrusion detection in that it actually prevents attacks rather than only detecting that they occurred. Intrusion prevention offers a considerable advantage in that it lightens the burden of enterprise security administration. In addition to protecting you from vulnerabilities, IPS technologies secure internal resources from attacks sourced inside the network by restricting the behaviour of potentially malicious code, providing a record of the attack and notifying enterprise security personnel when an attack is repelled. The current state of intrusion prevention technology serves as a realistic replacement strategy for environments requiring proactive and preventive security measures in the face of attacks.
We’re experts in Cisco and ISS threat prevention technologies. Our years of professional services in a variety of client environments give us valuable experience that we’d like to share with you. Our experience includes Site Protector and Proventia, VMS and CSAMC, Cisco Security Agent (CSA), Intrusion Detection System Services Modules (IDSM-2) and legacy Cisco Secure Intrusion Detection. We are ISS and Nokia certified, and hold the rare CCIE Security certification.