The recent cyber-attacks on hospitals highlight the healthcare industry’s need to improve concurrent security. But in this age of interoperability, what steps should you take to achieve maximum security? We have written briefly on cyber-security, and now we will dive deeper into each recommended tactic to give you a much better understanding of what it takes to protect patient data and maintain superior architectural posture.
Two important components of a multi-layered security infrastructure are an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS). Which solution is best for your organization? The short answer is: both. While the systems are similar, each complements the other. In fact, some vendors package them as one powerful solution to be deployed simultaneously for a stable, secure infrastructure – free from malware and viruses.
Let’s take a look at the differences between IPS and IDS and how they work together to keep your data safe from malicious cyber-attacks.
IPS Location: You shall not pass.
Most of us have heard of and have a general understanding of what a firewall is and does. IPS is closely related to an enterprise firewall in that it sits in-line between two networks to regulate data traffic. This deployment in-line with data traffic or between networks gives it the ability to directly block access from an attacker or block access to targeted data. The IPS is strategically placed to guard and defend. If IPS were not placed in-line, it wouldn’t be able to function.
IDS Location: I’ve got my eye on you.
The IDS does not sit directly in the line of traffic like the IPS. It sits on the sidelines (usually on an Ethernet or wireless network) and passively watches the data traffic into the network for any signs of disturbances. How does watching the data protect it? IDS detects threats against sensitive data early. It is beneficial to have this technology as an overwatch to reduce the likelihood of a breach or various other types of malicious activity.
How IPS Protects: The security guard
An IPS, as previously mentioned, functions similarly to a firewall. However, unlike a firewall, which accepts access based on specified rules, IPS denies access to internal networks based on specified rules. Also, an IPS can protect much more than just web services, which tend to be a firewall’s specialty; it can protect entire internal networks down to specific data streams. It is imperative to consider hardware and appropriate data throughput when planning to deploy an IPS. This will prevent hardware from bottlenecking and forcing unwanted false positives.
Don’t forget: IPS is not a “set it and forget it” kind of system. Custom rules or blocking signatures must be continuously created, monitored and updated around new threats to avoid those pesky false positives. The IPS alert feed must be monitored and responded to 24/7 for appropriate, secure protection. Sound impossible? A managed services provider is a very popular choice for organizations that either can’t afford to keep the appropriate staff on hand or can’t devote the appropriate amount of time to the procedure.
How IDS Protects … or Detects: Like a security camera for your data
An IDS doesn’t necessarily protect the data like its gatekeeping IPS counterpart. It was developed to detect unusual activity, like a security camera for your data. The IDS helps restrict traffic by sending alerts that prompt intervention if traffic patterns are irregular, packets contain abnormal content, or the overall health of the security server changes at any point. Similar to IPS, success with IDS also requires dependable personnel available 24/7 in case a threat arises. Managed service companies that specialize in data security are highly recommended.
Better Together: Many Layers of Sustained Data Security
The IPS and IDS separately are important for any organization’s data security. Together, they are a one-two punch, forming one of the many layers of sustained data security. IDS passively observes traffic and when an irregularity occurs, IPS is promptly alerted and pounces to actively address and dispose of the packets in question.
The teamwork between the two is powerful, but not automatic. Consistent oversight of alerts by trained staff is important. But once you take this crucial step in securing your infrastructure, the interoperability door is wide open.
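The same rule set run passively (IDS) and in-line (IPS) over constructed traffic, as an added example that is not from the original article; the rule IDs, addresses and the `run_sensor` helper are hypothetical. It shows why an over-broad rule is only a noisy alert on an IDS but drops legitimate traffic on an IPS, and what tuning the rules changes.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: str

@dataclass(frozen=True)
class Rule:
    sid: int          # hypothetical rule ID
    dst_port: int
    pattern: str      # regex matched against the payload

# Constructed rules: 1001 is specific, 1002 is deliberately over-broad.
RULES = [Rule(1001, 8080, r"\.\./"), Rule(1002, 443, r"admin")]
# Tuned rule set: the over-broad signature has been retired.
TUNED_RULES = [r for r in RULES if r.sid != 1002]

# Constructed traffic (documentation and private address ranges).
TRAFFIC = [
    Packet("198.51.100.23", 8080, "GET /records/../../etc/passwd"),  # hostile
    Packet("10.0.4.12", 8080, "GET /records/1234"),                  # benign
    Packet("10.0.4.15", 443, "POST /admin/schedule"),                # benign
]

def run_sensor(packets, rules, inline):
    """inline=False: IDS on a tap, alerts only. inline=True: IPS, drops matches.
    Returns (delivered_packets, alerts) where alerts are (sid, src) pairs."""
    delivered, alerts = [], []
    for pkt in packets:
        hits = [r for r in rules
                if r.dst_port == pkt.dst_port and re.search(r.pattern, pkt.payload)]
        alerts.extend((r.sid, pkt.src) for r in hits)
        if inline and hits:
            continue           # in-line sensor: the packet never reaches its target
        delivered.append(pkt)  # passive sensor: traffic is unaffected
    return delivered, alerts

if __name__ == "__main__":
    for name, rules, inline in [("IDS", RULES, False), ("IPS", RULES, True),
                                ("IPS tuned", TUNED_RULES, True)]:
        delivered, alerts = run_sensor(TRAFFIC, rules, inline)
        print(f"{name}: delivered={len(delivered)} alerts={alerts}")
```

With the untuned rules the IPS also drops the benign request from 10.0.4.15, which is the false-positive cost the article warns about.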
Seth Hobgood is the Principal and CTO at Interoptex.