Calculating TCO on Intrusion Prevention Technology

by Eugene E. Schultz, Ph.D. Sept. 1, 2017 via SANS Institute

An intrusion prevention system (IPS) is a security technology that monitors network traffic and/or system processes to identify malicious, undesirable, and/or anomalous behavior and reacts in real time to halt that behavior (see the features and functions sidebar). The leading type of intrusion prevention technology is network-based intrusion prevention. Network intrusion prevention systems operate inline, monitoring all network traffic for potential attacks and for the presence of malicious code (malware). When an IPS identifies an attack or the presence of malware, it applies policies to selectively drop the associated packets while allowing normal traffic to pass through. The result is that potentially harmful events, such as file system manipulation requests, attempts to overrun input buffers in memory, and other exploits in progress, are stopped.