What Is An IPS?
An intrusion prevention system (IPS) is similar to an intrusion detection system (IDS) but goes a step further. Like an IDS, an IPS can use signature or anomaly-based detection to identify potentially malicious communications or access attempts in network traffic. An IPS can be deployed to protect a particular host, or at the enterprise perimeter to protect an entire network.
The combination of signature and anomaly-based detection enables an IPS to detect and respond to both known threats, such as those assigned Common Vulnerabilities and Exposures (CVEs) and common errors as described in the OWASP Top Ten, and zero-day threats. An IPS prevents the exploitation of applications such as Adobe Acrobat and browser exploits, and prevents attacks such as Log4J and other well-known vulnerabilities documented in the CVE database.
The main difference between an IDS and an IPS, is that an IDS is focused on detecting and generating alerts about potential threats, while an IPS also blocks malicious connections or access attempts. An IDS may be deployed as an inline sensor that monitors the traffic it is protecting, or as a passive sensor that monitors a copy of the traffic through a network tap. However, to enable blocking malicious communications in real time, an IPS needs to be deployed inline.
What Is Cloud IPS?
A cloud IPS is an IPS deployed in the cloud to protect sensitive resources when they are accessed remotely, or alternatively, to protect cloud-based resources as part of IaaS security..
- When deployed to secure access from remote users to resources located on-premises or in cloud environments, all traffic from the user to the target service or application is monitored to detect and block suspicious connections. For example, a VPN-as-a-service may feature an integrated cloud IPS to prevent malicious connections and exploitation attempts targeting an organization’s systems, servers and applications.
- When deployed to secure branch office connections to the organization’s data centers, remote sites, campus, hub or IaaS, all traffic from the branch office (e.g. originating from the branch SD-WAN router, a generic router or other customer premises equipment) is inspected for known vulnerabilities, with malicious connections blocked in real time.
- When deployed to secure IaaS environments, a cloud IPS monitors traffic moving into and out of the cloud infrastructure and blocks any suspicious access attempts from reaching the organization’s cloud environments (e.g. cloud data center, production environment etc.).
A cloud IPS can be deployed as a standalone solution or as part of an integrated security product. For example, an IPS may be integrated into a next-generation branch firewall-as-a-service (Next Generation FWaaS), a cloud-native FWaaS for IaaS environments or be deployed as part of a Secure Access Service Edge (SASE) offering. Alternatively, an organization may be able to take advantage of the functionality of an IPS via a service model.
Cloud IPS vs On-Premises IPS - What Is The Difference?
Cloud and on-prem IPS have the same purpose of identifying and blocking attempted attacks against an organization’s resources. They differ largely in how they are deployed and the resources that they protect.
An on-prem IPS can be deployed as a standalone physical appliance, virtualized solution, or integrated into another product such as an NGFW. It protects the users and applications connected to the enterprise internal network.
A cloud IPS, on the other hand, is deployed in a service-based model from the cloud, either as a standalone solution, or as part of integrated security solutions for remote user access, branch access or cloud data centers and production environments (IaaS). Depending on the deployment model, it may therefore be used to protect only IaaS, or a combination of IaaS and on-premises services for remote users and branches.
Cloud IPS Features
A cloud IPS must offer certain features to prevent attacks against the protected network, including:
- Virtual Patching: Software vulnerabilities are a growing problem, and many organizations struggle to keep up with patching their environment when a new software update is released to block a new threat. Cloud IPS solutions protect on-prem and cloud-based applications by blocking traffic that is attempting to exploit known vulnerabilities in unpatched software such as those included in the CVE database. This offloads the burden of manually patching user systems, enterprise servers or cloud applications as the cloud IPS protects against the new vulnerability with no manual intervention required by the IT or security team.
- Note: When it comes to protectings against a newly-discovered software vulnerability, time is of the essence. The sooner a vendor updates its cloud IPS service with a new signature, or virtual patch, against a new security hole, the more effective it is in preventing its exploitation in customer environments.
- Painless deployment: Avoiding false positives is critical for an effective cloud IPS deployment. As a cloud IPS blocks malicious connections, rather than only detecting them, it is imperative that it does not cause unnecessary downtime, lost business and transactions, and only stops genuine attacks in real time. In addition, a cloud IPS works seamlessly, so as not to impede performance.
- Integrated Security: IPS functionality is commonly integrated into other security solutions such as SASE, SSE, a Next Generation FWaaS or a security gateway for cloud-native environments. This security integration simplifies the management of an organization’s security architecture and enables automated and consistent responses to potential threats.
The Benefits of Cloud IPS
Cloud IPS can provide significant benefits to an organization, such as:
- Remote Access Protection: Companies are increasingly supporting remote workers that require access to on-premises resources as well as cloud-based environments. A cloud IPS can provide protection for corporate resources residing in both on-premises and cloud data centers and are often integrated into secure remote access solutions as part of a VPN-as-a-service, branch FWaaS, SSE or SASE offering.
- Cloud Protection: Companies are increasingly embracing cloud infrastructure for developing and delivering online services, data storage and processing. A cloud IPS is an integral component of an enterprise-grade cloud security strategy.
- Managed Security: IPS functionality is available under service-based offerings, such as SASE or firewall as a service (FWaaS). These managed security offerings enable an organization to outsource responsibility for parts of its cloud or remote work security to a security provider. When it comes to patching dozens, hundreds or even thousands of systems, servers and applications, the ability to virtually patch against a new vulnerability becomes priceless, and ensures organizations are protected even if they have not had time to apply the required software updates.
- Scalability: Cloud IPSs can take advantage of the native scalability of cloud-based infrastructure. This allows them to scale to meet evolving business needs and to seamlessly protect expanding cloud-based infrastructure.
- Flexibility: Cloud IPS solutions are deployed as cloud-based services. This makes it easy to deploy, reconfigure, or retire an IPS based on the needs of the business and changes in corporate cloud infrastructure.
Cloud IPS With Check Point
SASE solution that integrates cloud IPS into a full security stack delivered from the cloud to secure remote access to on-prem and IaaS resources, as well as protect branch office connections. To learn more about SASE and how it can help secure your organization’s remote and hybrid workers,
Check Point’s SASE offering — delivers ZTNA, SWG, CASB, and FWaaS to protect users and branch offices with zero-trust access control, advanced threat prevention, and data protection. Explore the capabilities of Harmony SASE for yourself with a free demo today.
Feedback