Network Intrusion Prevention System

Learn how a Network Intrusion Prevention System monitors and blocks traffic in an organization.

Overview

A network intrusion prevention system (NIPS) is a device that monitors network traffic, inspecting network packets in much the same way a firewall does. In most cases, the NIPS is installed at the perimeter to protect an organization’s internal network from internet-based attacks.

How it works

An intrusion detection system can be considered the next evolution of a firewall, as it:

  • Uses more sophisticated methods of inspecting packets.

  • Examines different layers of the network packets.

  • Evaluates a collection of several packets to identify patterns or anomalous behavior.

Alert-only mode

It can be challenging to tune a NIPS properly so that it doesn’t alert (or even worse, block) based on false positives. The first phase of implementation should be to put the NIPS into alert-only mode so that it can be tuned to only generate meaningful alerts.

Block mode

The earlier version of a NIPS is a network intrusion detection system (NIDS), which only provides alerts and can’t block any network traffic. In most cases, a NIPS renders a NIDS obsolete because it can actually block malicious traffic.

Note: Because a NIPS is considered a step above a firewall, which is fundamental to a security program, it’s considered a level 2 security objective.
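The following added example (not from the original page) sketches the tuning workflow described above: a multi-packet rule is first run in alert-only mode, a false positive is tuned out, and only then is block mode enabled. The ToyNips class, its threshold, window and allowlist parameters, and the sample packets are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample traffic: (timestamp_seconds, source_ip, dest_ip, dest_port).
# 203.0.113.50 sweeps many ports quickly; 10.0.0.5 is an internal monitoring
# host that also touches many ports (a false-positive candidate).
PACKETS = (
    [(t, "203.0.113.50", "10.0.0.20", 20 + t) for t in range(12)]
    + [(t, "10.0.0.5", "10.0.0.20", 8000 + t) for t in range(12)]
    + [(t, "198.51.100.7", "10.0.0.20", 443) for t in range(12)]
)


class ToyNips:
    """Flags a source that hits too many distinct ports inside a time window."""

    def __init__(self, mode="alert", max_ports=10, window=30, allowlist=()):
        if mode not in ("alert", "block"):
            raise ValueError("mode must be 'alert' or 'block'")
        self.mode, self.max_ports, self.window = mode, max_ports, window
        self.allowlist = set(allowlist)    # sources tuned out as known-good
        self.recent = defaultdict(deque)   # source -> deque of (ts, port)
        self.blocked = set()               # sources dropped in block mode
        self.alerts = []                   # (ts, source) alerts raised

    def inspect(self, ts, src, dst, port):
        """Return 'drop' or 'forward' for one packet."""
        if src in self.blocked:
            return "drop"
        if src in self.allowlist:
            return "forward"
        seen = self.recent[src]
        seen.append((ts, port))
        while seen and seen[0][0] <= ts - self.window:
            seen.popleft()                 # expire packets outside the window
        if len({p for _, p in seen}) > self.max_ports:
            self.alerts.append((ts, src))
            seen.clear()                   # avoid re-alerting on the same burst
            if self.mode == "block":
                self.blocked.add(src)
                return "drop"
        return "forward"


def run(mode, allowlist=()):
    """Replay PACKETS; return (sources alerted on, number of dropped packets)."""
    nips = ToyNips(mode=mode, allowlist=allowlist)
    verdicts = [nips.inspect(*pkt) for pkt in sorted(PACKETS)]
    return sorted({src for _, src in nips.alerts}), verdicts.count("drop")
```

Running `run("alert")` surfaces the monitoring host as a false positive without dropping anything; `run("block")` without tuning would have dropped its traffic as well.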
